A review of SonicWall telemetry data suggests that the most widespread network attacks against small businesses (SMBs) target older vulnerabilities that have a large amount of publicly available information and affect major vendors. In light of this data, prioritization is a critically important factor for today’s CISOs, who are asked to manage and prioritize risk.
“In order to properly prioritize threats, we must first understand what attacks, vulnerabilities, and tactics are being used by our enemies,” said SonicWall Executive Director of Threat Research Doug McKee. “Relying too heavily on one factor (e.g., CVSS scores) can lead to an incomplete view of the risk associated with a vulnerability. Consider all factors together to develop a comprehensive understanding of the risk landscape and prioritize vulnerabilities accordingly.”
Using SonicWall IPS data from January 2022 to March 2024, SonicWall determined the most widespread attacks against small businesses. Here are the top five, ranked:
- Log4j (CVE-2021-44228) – 43% of organizations were under attack
- Fortinet SSL VPN Path Traversal (CVE-2018-13379) – 35% of organizations were under attack
- Heartbleed (CVE-2014-0160) – 35% of organizations were under attack
- Atlassian Pre-Auth Arbitrary File Read (CVE-2021-26085) – 32% of organizations were under attack
- VMware SSRF (CVE-2021-21975) – 28% of organizations were under attack
The “newest” vulnerability on this list is almost three years old, and the oldest goes back almost a decade. This suggests the biggest “win” for small businesses is to ensure they have a solid methodology in place for dealing with well-known vulnerabilities, regardless of the age of the threat.
“It is still very relevant to spend time and resources tracking down items like Heartbleed and Log4j, which is arguably more valuable than worrying about the latest AI threat or zero days in Microsoft with no publicly available exploit,” said McKee.
Prioritization is a critical factor for today’s CISOs, who are asked to manage and prioritize risk. The largest challenge with supply chain issues like Log4j is simply understanding whether the component is used, and where. Product security testing, or other forms of deep technical analysis of the products used on your network, is vital to ensuring a business is protected from the threats attackers are using, and should therefore take priority in terms of funding.