SonicWall Data Reveals the Top Five Most Widespread Network Attacks Used Against Small Businesses

The last two years of firewall telemetry data, paints a clear picture of what attacks are most widespread amongst SMBs – demanding the need for prioritization

MILPITAS, Calif. — May 2, 2024 — A review of SonicWall telemetry data suggests that the most widespread network attacks to small businesses (SMBs) are older vulnerabilities with a large amount of publicly available information and affecting major vendors. In light of this data, prioritization is a critically important factor for today’s CISOs who are asked to manage and prioritize risk.

“In order to properly prioritize threats, we must first understand what attacks, vulnerabilities, and tactics are being used by our enemies,” said SonicWall Executive Director of Threat Research Doug McKee. “Relying too heavily on one factor (e.g., CVSS scores) can lead to an incomplete view of the risk associated with a vulnerability. Consider all factors together to develop a comprehensive understanding of the risk landscape and prioritize vulnerabilities accordingly.”

From January 2022 to March 2024, using SonicWall IPS data, SonicWall determined the most widespread attacks against small businesses. Here are the top five ranked:

1. Log4j (CVE-2021-44228) - 43% of organizations were under attack
2. Fortinet SSL VPN Path Traversal (CVE-2018-13379) - 35% of organizations were under attack
3. Heartbleed (CVE-2014-0160) - 35% of organizations were under attack
4. Atlassian Pre-Auth Arbitrary File Read (CVE-2021-26085) - 32% of organizations were under attack
5. VMware SSRF (CVE-2021-21975) - 28% of organizations were under attack

The “newest” vulnerability on this list is almost three years old, and the oldest goes back almost a decade.  This suggests the biggest “win” for small businesses is to ensure they have a solid methodology in place for dealing with well-known vulnerabilities, regardless of the age of the threat.

“It is still very relevant to spend time and resources tracking down items like heart bleed and log4j, which is arguably more valuable than worrying about the latest AI threat or zero days in Microsoft with no publicly available exploit,” said McKee.

Prioritization is Key

Prioritization is a critical factor for today’s CISOs who are asked to manage and prioritize risk.  The largest challenge with supply chain issues like Log4j, is understanding simply – is it used and where?  Product security testing or other forms of deep technical analysis of the product used on your network is vital to ensure a business is protected from threats being used by attackers and therefore should take priority in terms of funding.

For more information visit www.sonicwall.com.

About SonicWall

SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.