A recent report by Cato Cyber Threat Research Labs (CTRL) revealed that the Log4J vulnerability (CVE-2021-44228) exploit continues to be a prevalent issue three years after its discovery. According to the report, the Log4J exploit accounted for 30% of outbound vulnerability exploitations and 18% of inbound vulnerability exploitations in the first quarter of 2024.
Another significant vulnerability exploit, CVE-2017-9841, which targets the PHPUnit testing framework, was identified as the most common vulnerability exploit during the same period. Cato’s statistics showed that this exploit made up 33% of all vulnerability exploitations.
The report also highlighted the prevalence of insecure protocols in organizations, with 62% of web applications running on HTTP, 54% of WAN traffic using Telnet, and 46% of WAN traffic utilizing version 1 of server message block (SMB). These insecure protocols have made it easier for threat actors to move laterally within networks.
Furthermore, industry-specific tactical trends were observed, with threat actors showing preference for certain techniques, tactics, and procedures depending on the industry they target. For example, the ‘Endpoint Denial of Service’ technique was found to be prominent in cyber-attacks against victims in the entertainment, telecommunication, and mining & metals sectors. In contrast, the ‘Exploitation for Credential Access’ technique was more commonly used in cyber-attacks targeting the services and hospitality sectors.
Overall, Cato CTRL analyzed 1.26 trillion network flows across the systems of 2200 Cato Networks customers for the report. Moving forward, Cato plans to publish similar reports quarterly to provide insights on industry-specific threats and trends. Chief Security Strategist Etay Maor emphasized the importance of preparing for these threats, as threat actors targeting one industry today could shift their focus to another industry tomorrow.
