Cato Network Reports Spike in Attempts to Exploit Log4j Vulnerabilities
2024-8-13 21:52:23 Author: securityboulevard.com

A report published today by Cato Networks finds that, three years after their discovery in 2021, attempts to exploit Log4j vulnerabilities increased 61% in inbound traffic and the attempted use of Log4j increased 79% in WANbound traffic in the first half of this year.

In addition, there was a 114% increase in attempts to exploit an Oracle WebLogic vulnerability, which originated in 2020, in WANbound traffic, the report noted.

Vulnerabilities are a Continual Target

Etay Maor, chief security strategist for Cato Networks, said cybercriminals continue to target these vulnerabilities because they remain in many IT environments, simply because IT teams don’t realize they persist. For example, vulnerabilities in Log4j might be found in a third-party application that includes the open-source tool for managing logs in Java applications, he added.

Many cybersecurity teams are also unaware they can apply virtual patches to eliminate those potential threats rather than waiting for application developers to upgrade a vulnerable instance of software to a version that includes a patch for the issue, said Maor.

The Cato Networks report also finds that Amazon is the top spoofed brand by a significant margin (66% of domains), followed by Google at 7%. It also details the activities of IntelBroker, a moderator of BreachForums on the Dark Web. It’s not clear if IntelBroker is a single individual or a group of individuals. However, in recent months IntelBroker has offered to sell data and source code from AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile and U.S. Army Aviation and Missile Command.

In general, the report makes it clear that cybercriminals tend to favor the tactics and techniques that are tried and true. It’s only when the simplest means to achieve their ends are exhausted that most cybercriminals are going to up their proverbial game. As such, most cybersecurity teams can be most effective when they are tracking the vectors being used most to breach IT environments, noted Maor.

The challenge is that those attacks are not only increasing in volume, but the longer it takes to discover and remediate a breach, the more damage will be inflicted.

Theoretically, there may come a day soon when artificial intelligence (AI) is widely used to prevent routine attacks. That should provide cybersecurity teams with the time needed to investigate more advanced threats. AI isn’t going to replace the need for cybersecurity expertise so much as it will reduce the drudgery that results from tracking down the root cause of a steady stream of alerts that are tied to the same event.

In the meantime, however, discovering and patching vulnerabilities will remain a significant challenge. In the age of AI it is now possible for developers to build and deploy software faster than ever. The issue is that many of the AI tools being used were trained using examples of flawed code found on the internet, so the number of applications being deployed with known vulnerabilities, at least in the short term, might rise. As a result, cybersecurity teams shouldn’t count on any rest for the weary just yet.

Article source: https://securityboulevard.com/2024/08/cato-network-reports-spike-in-attempts-to-exploit-log4j-vulnerabilities/