The Log4Shell case highlights the growing severity of the consequences of software vulnerabilities.
PRAGUE, December 27, 2021 – GFI Software, a provider of security and management solutions for enterprise networks, said that according to the latest data from The National Vulnerability Database (NVD), the number of software vulnerabilities this year has already surpassed the record level set in 2020. Moreover, vulnerabilities in software systems are having increasingly serious and global impacts, as the case of the recently disclosed Log4Shell vulnerability has shown.
Whereas 18,352 vulnerabilities were recorded for the whole of 2020, by mid-December of this year the NVD had already logged 18,970, the highest annual total ever. By comparison, in 2016 "just" under 7,000 vulnerabilities were disclosed. Severity is rising as well: 3,784 vulnerabilities rated high severity have been identified this year alone, including the most recent case, known as Log4Shell.
This vulnerability (CVE-2021-44228) affects Apache Log4j 2, a Java logging library used by a large number of services on the Internet. What makes it insidious is that Log4j is not a standalone application but a library embedded in many different software products, often inside application archives that never mention Log4j by name, so an organisation can be exposed without knowing it ships the component. The potential number of vulnerable targets is therefore huge.
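Because the exposure comes from an embedded library rather than an installed application, the practical first step is to inventory where Log4j 2 is actually bundled. The following script is an added example (not GFI Software's code or part of its products): it opens JAR/WAR/EAR archives, recurses into archives nested inside them (WEB-INF/lib, BOOT-INF/lib), looks for the JndiLookup class that Log4Shell abuses and the Maven pom.properties that carries the log4j-core version, and classifies each hit. The version thresholds encode the public fix history (2.15.0 was the first release addressing CVE-2021-44228; 2.17.1 or newer is the recommended target for Java 8+). The sample WAR is constructed in memory so the script runs offline; no real archive is fetched.

```python
"""Inventory embedded Log4j 2 copies in JAR/WAR/EAR files, including nested
archives. Added example; constructed sample data, not a real deployment."""
import io
import re
import zipfile
from pathlib import Path

# The lookup class whose JNDI resolution Log4Shell (CVE-2021-44228) abuses.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven writes the artifact version here when log4j-core is built.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear", ".zip")


def version_tuple(version: str) -> tuple:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0). Pre-release tags are dropped."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def classify(version, has_jndi_lookup: bool) -> str:
    """Turn (version, JndiLookup present?) into an operator-facing verdict."""
    if version is None:
        return ("JndiLookup present, version unknown: review manually"
                if has_jndi_lookup else "not log4j-core")
    v = version_tuple(version)
    if v < (2, 15, 0):
        return "VULNERABLE to CVE-2021-44228 (upgrade)"
    if v < (2, 17, 1):
        return "superseded by later Log4j 2 fixes (upgrade to 2.17.1+)"
    return "ok"


def scan_bytes(data: bytes, label: str, depth: int = 0, max_depth: int = 3) -> list:
    """Return [(path, version, verdict)] for every log4j-core found in `data`."""
    findings = []
    if depth > max_depth:
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive at all
    with zf:
        names = zf.namelist()
        has_jndi = JNDI_LOOKUP in names
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        if has_jndi or version is not None:
            findings.append((label, version, classify(version, has_jndi)))
        # Recurse into bundled archives (fat JARs, WARs, EARs); label uses the
        # "outer!inner" convention of Java jar: URLs.
        for name in names:
            if name.lower().endswith(NESTED):
                findings.extend(
                    scan_bytes(zf.read(name), f"{label}!{name}", depth + 1, max_depth))
    return findings


def scan_tree(root) -> list:
    """Walk a directory on disk and scan every archive found in it."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in NESTED:
            findings.extend(scan_bytes(path.read_bytes(), str(path)))
    return findings


def build_sample_war(log4j_version: str) -> bytes:
    """Constructed sample: a WAR bundling a log4j-core JAR that ships JndiLookup."""
    core = io.BytesIO()
    with zipfile.ZipFile(core, "w") as z:
        z.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
        z.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                              f"artifactId=log4j-core\nversion={log4j_version}\n")
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/web.xml", "<web-app/>")
        z.writestr(f"WEB-INF/lib/log4j-core-{log4j_version}.jar", core.getvalue())
    return war.getvalue()


if __name__ == "__main__":
    for finding in scan_bytes(build_sample_war("2.14.1"), "app.war"):
        print(*finding, sep="\t")
```

Run `scan_tree("/opt")` (or any deployment root) to inventory real hosts. Note that the presence of JndiLookup.class alone is not proof of exposure, since patched 2.17.x releases still ship the class with JNDI disabled by default, which is why the verdict is driven by the version when one is available; a hit with no version string is reported for manual review rather than silently dropped.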
Log4Shell underlines that, with the current push for digitisation and the rapid growth of software systems, the likelihood of vulnerabilities that open a gateway into enterprise systems and sensitive corporate data is increasing. Nor is the problem confined to Microsoft software, as it long appeared to be: one of the major trends of 2021 has been the rise in attacks on Linux, Apple and open-source platforms, as the ever-growing list of recommended updates shows.
“Similar to supply chain attacks, Log4Shell could usher in a new era of cyberattacks, allowing attackers to attack many more targets with the same effort, and thus cause much more damage,” said Zdeněk Bínek, responsible for GFI Software’s solution sales in the Czech Republic and Slovakia. “Together with the proliferation of mobile devices and the intensive use of home systems for work, this adds more wrinkles for IT administrators and the need to update enterprise systems even more carefully and use automated patch management tools.”
GFI Software offers the GFI LanGuard solution, which provides automated update management for Windows, macOS and Linux, vulnerability scanning on PCs and mobile devices, and network and software auditing. For added security, it allows you to create an inventory of the resources of every device on your network, including tablets and smartphones that connect to Exchange servers.