
Major security exploits expected to rise before New Year

Supply chain attacks are also expected to increase, along with affiliate programmes becoming more popular

Cyber security researchers are expecting major exploits to proliferate in the last few months of the year, repeating the pattern of previous years.

Similarly to how the Log4Shell vulnerability was discovered late into 2021, researchers at Deep Instinct said they expected similar exploits of major vulnerabilities discovered this year to ramp up before the year closes out.

The security community hasn't observed any vulnerabilities this year as severe as Log4Shell, but there have been a number of other high-profile vulnerabilities targeting popular services such as Microsoft Exchange which could see a rise in exploitation.

Deep Instinct said there are still many systems left unpatched against older vulnerabilities that attackers can take advantage of, such as 'Follina' and 'DogWalk', tracked as CVE-2022-30190 and CVE-2022-34713 respectively.

These two vulnerabilities, discovered this year, affect the Microsoft Support Diagnostic Tool (MSDT) and are among the most-discussed flaws of the year, the security company said. Follina is a zero-day exploit that uses Office documents as its primary delivery method to achieve remote code execution (RCE), and DogWalk is similar.

In September, a separate Microsoft Exchange Server exploit dubbed 'ProxyNotShell' was also discovered and the company failed to adequately patch the flaw three times.

The issue remains without an official fix and was left unaddressed in Microsoft's latest Patch Tuesday updates.

Other high-profile vulnerabilities for this year include SpoolFool and Dirty Pipe, tracked as CVE-2022-22718 and CVE-2022-0847 respectively.

SpoolFool is a Windows vulnerability in the Print Spooler service that threat actors can use once they have limited access to a computer but lack administrative privileges. Having exploited it, attackers are then able to move laterally across an organisation's systems.

Dirty Pipe is a Local Privilege Escalation (LPE) for Linux that allows attackers to escape a website's home directory and access all the websites and resources of the server, Deep Instinct said.

VMware Workspace ONE, Confluence Server, and WSO2 were all also the subject of criticism for the serious flaws found in their respective products this year.


In addition to predicting a rise in exploits towards the end of the year, Deep Instinct said it expects insiders and affiliate programmes to become more popular. As cyber security firms improve their defences, threat actors will have to try harder to infiltrate companies. Sometimes they turn to paying someone on the inside to give them initial access.

“A case in point is the BlackCat (ALPHV) group, who provide up to 90% of the ransom payment to affiliates,” explained the company. “This is appealing to threat actors even if they pay a large sum of money to the insider, as they are guaranteed to gain access to an organisation.”

Deep Instinct underlined that for insiders, the reward can be very high. Most attacks of this nature are carried out in third-world countries, where a global company has an office, it said.

The company also predicted that supply chain attacks will increase. Attackers have started infecting the software that developers use, mostly third-party packages: bundles of code that let developers add features to their own projects. These packages are hosted in repositories such as PyPI for Python or npm for JavaScript.

The repositories are generally considered reliable resources, meaning developers trust the packages they install from them. Attackers are now beginning to exploit this trust, which prompted npm to enforce two-factor authentication (2FA) on maintainers of its most popular packages. PyPI mirrored this in July 2022, requiring the top 1% of projects to use the more secure authentication method.

However, Deep Instinct underlined that 2FA won’t combat protestware, a different attack method. This is when a developer sabotages their own software, giving it malware capabilities to harm users.

The Russia-Ukraine war caused an increase in protestware, said the company, with one of the most famous examples being the node-ipc wiper, a popular NPM package. In March 2022, its developer allegedly changed the package’s code to cause it to wipe computers belonging to potential Russian and Belarusian software developers.
