
Cyber attackers focused on remote code execution vulnerabilities in 2022 – report

Gelo Gonzales

Fortinet says it saw an average of 500 million total malware detections per month in 2022, with Microsoft Windows executables as the primary vehicle

MANILA, Philippines – Cybersecurity firm Fortinet, the world’s third-largest cybersecurity vendor in terms of market share in Q3 2022, revealed in an annual report published in January that attackers focused the most on vulnerabilities related to remote code execution.

The firm said the reason was that successfully exploiting vulnerable code in a way that gives attackers control over a system presents an opportunity of “high impact.” Remote code execution, as its name states, allows an attacker to run malicious code remotely, and that code can serve a variety of functions, including taking complete control of a system.

One of the worst examples of this type of attack involved Log4j, a piece of software used to record all manner of activity on a computer. It also communicates events such as the “404” error when a webpage cannot be found. Exploits for the software were found in late 2021.


Fortinet said that in 2022, Log4j remained one of the more notable vulnerabilities that opened up computer systems to remote code execution-style attacks. “The Log4J vulnerability could allow a remote attacker to execute arbitrary code on the affected system,” Fortinet said, which would let the attacker gain control of the system.

Following remote code execution, attackers focus on gaining access to restricted directories, accessing sensitive information, uploading files to a victim’s systems without validation, and bypassing authenticators.

Overall, Fortinet saw an average of 500 million total malware detections per month in 2022. The overwhelming majority of this malware came as Microsoft Windows executable files, followed by Microsoft Office-type files, with JavaScript-type files in third, as shown in the graphic below:

Image from Fortinet

Fortinet noted attackers were more aware of industry-specific apps that workers use, especially those in a hybrid or work-from-home setup.

“Attacks on open source and common vulnerabilities accelerated throughout 2022, becoming more widespread entry points for all types of organization. Targeted attacks are becoming easier as attackers gain awareness of the apps used by each industry, plus commonly used devices (IoT), or other malpractices adopted during the work-from-anywhere generation,” the company warned. 

To strengthen security for offices whose workforce is in a work-from-home or hybrid setup, the company stressed a “zero-trust” strategy for endpoints – the end users such as employees.

Fortinet explained, “Securing user identity is one of the core elements of the zero-trust principle of ‘never trust, always verify,’ but there needs to be a defined and strategic approach internally as far as how zero trust is rolled out.”

Fortinet added, “Every user’s identity must be verified and each user should only be given only the least-privileged access based on what is known about their identity. It’s also important to consider how implementing these controls will affect users to make sure it won’t negatively impact their experience and productivity.” – Rappler.com


Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.