SonicWall Reveals Top Five Network Attacks Against Small Businesses

SonicWall Reveals Top Five Network Attacks Against Small Businesses

A review of SonicWall telemetry data suggests that the most widespread network attacks to small businesses (SMBs) are older vulnerabilities with a large amount of publicly available information and affecting major vendors. In light of this data, prioritization is a critically important factor for today’s CISOs who are asked to manage and prioritize risk.

“In order to properly prioritize threats, we must first understand what attacks, vulnerabilities, and tactics are being used by our enemies,” said SonicWall Executive Director of Threat Research Doug McKee. “Relying too heavily on one factor (e.g., CVSS scores) can lead to an incomplete view of the risk associated with a vulnerability. Consider all factors together to develop a comprehensive understanding of the risk landscape and prioritize vulnerabilities accordingly.”

From January 2022 to March 2024, using SonicWall IPS data, SonicWall determined the most widespread attacks against small businesses. Here are the top five ranked:

  1. Log4j (CVE-2021-44228) – 43% of organizations were under attack
  2. Fortinet SSL VPN Path Traversal (CVE-2018-13379) – 35% of organizations were under attack
  3. Heartbleed (CVE-2014-0160) – 35% of organizations were under attack
  4. Atlassian Pre-Auth Arbitrary File Read (CVE-2021-26085) – 32% of organizations were under attack
  5. VMware SSRF (CVE-2021-21975) – 28% of organizations were under attack

The “newest” vulnerability on this list is almost three years old, and the oldest goes back almost a decade.  This suggests the biggest “win” for small businesses is to ensure they have a solid methodology in place for dealing with well-known vulnerabilities, regardless of the age of the threat.

“It is still very relevant to spend time and resources tracking down items like heart bleed and log4j, which is arguably more valuable than worrying about the latest AI threat or zero days in Microsoft with no publicly available exploit,” said McKee.

Prioritization is a critical factor for today’s CISOs who are asked to manage and prioritize risk.  The largest challenge with supply chain issues like Log4j, is understanding simply – is it used and where?  Product security testing or other forms of deep technical analysis of the product used on your network is vital to ensure a business is protected from threats being used by attackers and therefore should take priority in terms of funding.

 

Black Friday cybersecurity trends

Black Friday cybersecurity trends

With shopping season fast approaching, David Warburton, Director, F5 Labs, assesses…
Fortinet predicts get ready for bigger, bolder attacks

Fortinet predicts get ready for bigger, bolder attacks

Derek Manky, Chief Security Strategist & Global VP Threat Intelligence…
Sustainable IT & AV Solutions Are The New Frontier of Corporate Responsibility
lechef all set to transform workplace dining in the region

lechef all set to transform workplace dining in the region

Saudi-based serial entrepreneur Eugen Brikcius announced the launch of its new food…
Clemta ready to cater entrepreneurs in the region

Clemta ready to cater entrepreneurs in the region

Clemta, the one-stop shop for global entrepreneurs incorporating in the US, has…
Microsoft reveals Top Three teams for Imagine Cup!

Microsoft reveals Top Three teams for Imagine Cup!

Today marks a pivotal moment in the 2024 Imagine Cup as Microsoft reveal…