76% of vulnerabilities exploited in 2022 were up to 13 years old
Something as common and widely known as a software update can prevent major cyberattacks, because updates incorporate patches that fix system vulnerabilities. Prioritizing updates may seem a burdensome and inconvenient task for users, because computers and servers have to restart to complete installation, which interrupts users while they are working. This is why updates are often postponed, and recommended patches that could prevent common security problems such as theft and loss of identity are ignored.
According to data from a recent study, ransomware groups exploited a total of 244 unique vulnerabilities to launch attacks last year; that's 56 more compared to 2021, an increase of 19% in one year. Moreover, out of the 56, 76% were first detected between 2010 and 2019 and are still being exploited even though patches are available.
Why should we be worried about software vulnerabilities in 2023?
Anybody who has been avoiding updates all their lives, and has luckily escaped unscathed, may have a false sense of security and think updates are not that necessary. However, the cyberattack targeting the Italian energy company Acea in February of this year shows how wrong they can be. In this incident, the ransomware group known as BlackBasta accessed the energy company's systems after exploiting a vulnerability in ESXi servers that security professionals have known about since 2021 but which was not patched in this case. The attack did not escalate as, according to Acea, it did not manage to impact the essential services it provides to citizens. However, it did partially affect the company's internal IT services that perform necessary analysis and control activities, as well as access to its website.
In this regard, data presented by IBM in its annual X-Force Threat Intelligence Index 2023 indicates that 26% of reported cyberattacks in 2022 were due to the exploitation of known vulnerabilities. This figure demonstrates the huge weight of this attack vector as an entry route for threat actors, as it ranks second among the main infection vectors and has been a preferred method of compromise for attackers since 2019.
Software updates: the first step in cybersecurity
As demonstrated, new vulnerabilities are continually emerging and, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the best defense against those seeking to exploit already patched vulnerabilities is to keep software up to date. The agency also recommends taking a series of actions to ensure that your software is up to date at all times:
- Enable automatic software updates whenever possible. This will ensure that software updates are installed as quickly as possible.
- Avoid using obsolete (EOL) and unsupported software.
- Visit vendor sites directly and do not click on advertisements or email links.
- Do not perform software updates when using untrustworthy networks.
Hole-filling at the endpoint
It is clear that software patches and updates are critical in ensuring the robustness of an organization's cybersecurity. In addition to the practices recommended by CISA, companies have a duty to monitor and mitigate known vulnerabilities that are exploited, time and time again, as a means of gaining access to their networks. After all, these vulnerabilities pose a greater and more real risk than other types of threats.
An additional danger of ransomware breathing new life into old vulnerabilities is that many CVSS (Common Vulnerability Scoring System) scores do not take into account situations where an old, seemingly low-severity vulnerability is exploited years later.
Using tools such as WatchGuard Patch Management, which helps keep systems up to date and protected through available patches and works with WatchGuard's endpoint security solutions, is a great advantage when it comes to protecting your systems and combating cybercriminals. Keeping on top of updates released by vendors can be a challenge and leaves room for error, while having a database that allows you to compare patches that have been installed on a network's endpoints can shield systems and prevent malware attacks on vulnerable workstations and servers.