2022 was certainly an eventful year in cybersecurity. Organisations of all sizes and in all sectors were hit by data breaches, with the Red Cross, Nvidia, Apple, Meta, Twitter and several healthcare organisations amongst those reporting incidents. According to research published by Check Point in January, the UK alone saw a 77% increase in cyberattacks in the past year. And it’s not just the volume of attacks that’s increasing, but often the severity, too. The Cash App data breach affected over 8 million users, while Qubit Finance was reported to have lost 80 million US dollars following a hack.
Unfortunately, there is no sign of malicious activity slowing down. In fact, the important cybersecurity lessons learned from the past 12 months extend well beyond 2022. The headlines from the past year remind us to always be prepared, vigilant – and to have a solid, tried and tested incident plan in place.
Attacks keep evolving. The threats we saw in 2022 included increasingly sophisticated phishing and social engineering attacks, ransomware, poor cyber hygiene, and cloud and mobile device vulnerabilities, among several others. And there’s a lot we can learn from two of the main vulnerabilities that caused havoc last year.
The most prominent vulnerabilities exploited in 2022, such as Log4j and Text4Shell, uncovered many valuable lessons for improving an organisation’s security posture, readiness and detection capabilities. Among these is one key learning: it is critical to have a full, up-to-date and transparent view of your environment at all times, because you can never protect something if you are unaware it exists. It’s as simple as that.
To this end, it is important to understand what is in the installed software itself by compiling a software bill of materials (SBOM). An SBOM is essentially a list of the ingredients that make up your software components; even the simplest software can incorporate hundreds of subcomponents. With that list, you can readily assess whether software in use in your environment is affected by a known vulnerability.
What we learned from Text4Shell
Apache Commons Text, a widely used Java library for text manipulation and other string algorithms, was the subject of the vulnerability also known as “Text4Shell”: unsafe script evaluation by its string interpolation system could trigger remote code execution when malicious input was processed in the library’s default configuration. However, Apache Commons Text must be used in a certain way to expose the attack surface and make the vulnerability exploitable. One valuable lesson learned from “Text4Shell” is not to run code on native machines and to employ a least-privilege policy.
Understanding software composition is crucial when encountering a vulnerability. Running Software Composition Analysis (SCA) and Static Application Security Testing (SAST) tooling periodically is therefore recommended, so that any relevant new issues are caught in time to stop them propagating to production.
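The SBOM check described above, as an added example that is not part of the original article: the Python below parses a constructed CycloneDX-style SBOM and flags components whose version falls inside an advisory's affected range, the kind of lookup SCA tooling automates. The SBOM contents and the advisory version bounds are placeholders, not real vulnerability data.

```python
# Added example: check a CycloneDX-style SBOM against an advisory list.
# The SBOM and the version bounds below are constructed placeholders, not real data.
import json
import re

# Constructed SBOM for a small Java service (CycloneDX JSON shape).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.commons", "name": "commons-text", "version": "1.8"},
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.19.0"},
        {"type": "library", "group": "com.example", "name": "internal-utils", "version": "3.1.2"},
    ],
})

# (group, name) -> (first affected version, first fixed version).
# PLACEHOLDER bounds for the demo; take real ranges from the vendor advisory.
ADVISORIES = {
    ("org.apache.commons", "commons-text"): ("1.0", "1.99.0"),
    ("org.apache.logging.log4j", "log4j-core"): ("2.0", "2.1.0"),
}


def parse_version(version):
    """'1.10.0' -> (1, 10, 0); '1.8-SNAPSHOT' -> (1, 8, 0).
    Numeric comparison: 1.10 must sort after 1.9, which string comparison gets wrong."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def version_in_range(version, first_affected, first_fixed):
    """True when first_affected <= version < first_fixed."""
    return parse_version(first_affected) <= parse_version(version) < parse_version(first_fixed)


def affected_components(sbom_json, advisories):
    """Return SBOM components whose version falls inside an advisory's affected range."""
    hits = []
    for comp in json.loads(sbom_json).get("components", []):
        key = (comp.get("group", ""), comp.get("name", ""))
        if key in advisories and version_in_range(comp.get("version", "0"), *advisories[key]):
            hits.append({"component": f"{key[0]}:{key[1]}", "version": comp["version"],
                         "fixed_in": advisories[key][1]})
    return hits
```

Run against the sample, only `org.apache.commons:commons-text 1.8` is reported; `log4j-core 2.19.0` sits above its placeholder fixed version and `internal-utils` has no advisory.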
Additionally, strong cyber hygiene can help fend off attacks or limit the blast radius, so it’s vital to prioritise this practice to mitigate risks: updating and patching software in a timely manner, implementing strong password policies, limiting user rights and admin-level access, and following a solid backup strategy.
Security threats such as Log4j and Text4Shell provide the opportunity to improve and strengthen training materials for robust cybersecurity plans. But beyond that, the main takeaways are to be prepared and to be proactive. You can’t have a “set it and forget it” approach to your organisation’s cybersecurity. It’s important to periodically revisit your security plan and adapt it for new threats, which are always evolving.
Additionally, a good plan is only a starting point. Organisations need to do regular run-throughs to test their ability to implement it, too. Practising means you are prepared, and with cyberattacks on the rise, this is non-negotiable.