Skip to main content
close search
site logo
Dive Brief

Network vulnerabilities declined in 2021, but attacks hit all-time high

Five of the 10 most-exploited vulnerabilities last year were identified before 2020, and No. 3 dates back to 2017.

Published July 22, 2022
Matt Kapko's headshot
Senior Reporter
Server row light up with blue lights
Morris MacMatzen via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • The number of network-related CVEs considered medium severity and above declined almost 10% last year, according to Palo Alto Networks’ Unit 42 Network Threat Trends report. In 2021, the industry recorded 11,841 such CVEs, down from 13,123 in 2020.
  • However, the amount of attacks targeting network-related CVEs observed during 2021 jumped 15% to 262 million, reflecting an all-time high and triple the number of attacks that occurred prior to the COVID-19 crisis.
  • Log4Shell vulnerabilities (CVE-2021-44228 and CVE-2021-45046) were the most-exploited CVEs in 2021, surpassing 11 million attack sessions observed in the final weeks of the year. This underscores the ease of exploitation and widespread impact the Apache Log4j vulnerabilities had on enterprise network security, the report said.

Dive Insight:

Organizations should take no comfort in the drop of higher-impact vulnerabilities last year, as Unit 42’s report shows a corresponding increase in the number of attacks. The imbalance highlights a persistent need for patching.

While Log4j vulnerabilities quickly became the most-exploited attack vector in late 2021, it accounted for about 4% of the total attack sessions observed by Unit 42. 

More than 6 million attacks were observed against a PHPUnit remote code execution vulnerability (CVE-2017-9841) dating back to 2017. Indeed, five of the top 10 most-exploited CVEs of 2021 were identified before 2020, the report said.

Unit 42 named Log4j as the No. 1 vulnerability to watch in 2022 and 2023, as the number of exploit detections continues to rise. U.S. and allied cyber authorities in April also listed the remote code execution Log4Shell vulnerability as the most routinely exploited vulnerability in 2021.

Almost 99% of all network vulnerabilities in 2021 were classified as medium severity or above, 18% of which were designated as critical. 

Nearly 11% of those critical-severity vulnerabilities have public proof-of-concept availability, meaning threat actors have public access to knowledge on how to exploit the vulnerability, Unit 42 researchers said in the report.

Three-quarters of all remote code execution attacks, which remains the most common type of exploit, targeted critical vulnerabilities, the report said.

Most of the 262 million network exploit attempts in 2021 targeted high-severity vulnerabilities, which accounted for almost 40% of network vulnerabilities last year.

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell