Major security exploits expected to rise before New Year
Supply chain attacks are also expected to increase, along with affiliate programmes becoming more popular
Cyber security researchers are expecting major exploits to proliferate in the last few months of the year, repeating the pattern of previous years.
Just as the Log4Shell vulnerability was discovered late in 2021, researchers at Deep Instinct said they expected exploitation of major vulnerabilities discovered this year to ramp up before the year closes out.
The security community hasn't observed any vulnerabilities this year as severe as Log4Shell, but there have been a number of other high-profile vulnerabilities affecting popular services such as Microsoft Exchange which could see a rise in exploitation.
Deep Instinct said there are still many systems left unpatched against older vulnerabilities that attackers can take advantage of, such as 'Follina' and 'DogWalk', tracked as CVE-2022-30190 and CVE-2022-34713 respectively.
These two vulnerabilities, discovered this year, affect Microsoft Support Diagnostic Tool (MSDT) and are among the most-discussed flaws of the year, the security company said. Follina is a zero-day exploit that uses Office documents as its primary delivery method to achieve remote code execution (RCE) and is similar to DogWalk.
In September, a separate Microsoft Exchange Server exploit dubbed 'ProxyNotShell' was also discovered and the company failed to adequately patch the flaw three times.
The issue remains without an official fix and was left unaddressed in Microsoft's latest Patch Tuesday updates.
Other high-profile vulnerabilities for this year include SpoolFool and Dirty Pipe, tracked as CVE-2022-22718 and CVE-2022-0847 respectively.
SpoolFool is a Windows vulnerability where threat actors use Windows Print Spooler when they have limited access to a computer but don’t have administrative privileges. Attackers are then able to move laterally across an organisation’s systems.
Dirty Pipe is a Local Privilege Escalation (LPE) for Linux that allows attackers to escape a website's home directory and access all the websites and resources of the server, Deep Instinct said.
VMware Workspace ONE, Confluence Server, and WSO2 were all also the subject of criticism for the serious flaws found in their respective products this year.
In addition to predicting a rise in exploits towards the end of the year, Deep Instinct said it expects insiders and affiliate programmes to become more popular. As cyber security firms improve their defences, threat actors will have to try harder to infiltrate companies. Sometimes, they turn to paying someone on the inside to give them initial access.
“A case in point is the BlackCat (ALPHV) group, who provide up to 90% of the ransom payment to affiliates,” explained the company. “This is appealing to threat actors even if they pay a large sum of money to the insider, as they are guaranteed to gain access to an organisation.”
Deep Instinct underlined that for insiders, the reward can be very high. Most attacks of this nature are carried out in third-world countries, where a global company has an office, it said.
The sites are generally considered to be reliable resources, meaning that developers trust the packages they install. Attackers are now beginning to exploit this, causing NPM to enforce two-factor authentication (2FA) on its most popular packages. PyPI mirrored this in July 2022, forcing the top 1% of projects to use the more secure authentication method.
The Russia-Ukraine war caused an increase in protestware, said the company, with one of the most famous examples being the node-ipc wiper, a popular NPM package. In March 2022, its developer allegedly changed the package’s code to cause it to wipe computers belonging to potential Russian and Belarusian software developers.