Press Release

GreyNoise Intelligence Dives Deep into the Cybersecurity Landscape with its 2022 Mass Exploitation Report

GreyNoise Intelligence, the cybersecurity company analyzing internet scanning traffic to separate threats from background noise, today unveiled its inaugural 2022 Mass Exploitation Report, a research report that dives deep into the most significant Threat Detection events of the past 12 months.

“When it comes to cybersecurity, not all vulnerabilities are created equal, and many of the ones that garner media attention actually turn out to be insignificant,” said Bob Rudis, Vice President Research & Data Science, GreyNoise Intelligence. “GreyNoise is in a unique position to help organizations understand what technologies are under mass exploitation, and provides critical tools and data to help security analysts prioritize patching, identify and block malicious sources with confidence, and stay ahead of adversaries.”

GreyNoise added over 230 new detection tags in 2022, representing an increase of approximately 38% from 2021. For its 2022 Mass Exploitation Report, GreyNoise researchers provide insights into:

  • The celebrity vulnerability hype cycle, with a breakdown of the CVE-2022-1388, an F5 Big-IP iControl REST Authentication Bypass
  • How hard attackers will work to never let a critical vulnerability go to waste by looking at the depth and breadth of CVE-2022-26134, a critical weakness in Atlassian Confluence
  • The impact of the CISA Known Exploited Vulnerabilities catalog releases on defenders

In addition to insights about the most significant threat detection events of 2022, the 2022 Mass Exploitation Report offers predictions for 2023 from GreyNoise VP Data Science Bob Rudis:

  • Expect daily, persistent internet-facing exploit attempts. “We see Log4j attack payloads every day. It’s part of the new ‘background noise’ of the internet, and the exploit code has been baked into numerous kits used by adversaries of every level. It’s very low risk for attackers to look for newly-exposed or re-exposed hosts, with the weakness unpatched or unmitigated. This means organizations must continue to be deliberate and diligent when placing services on the internet.”
  • Expect more post-initial access internal attacks. “CISA’s database of software affected by the Log4j weakness stopped receiving regular updates earlier this year. The last update showed either ‘Unknown’ or ‘Affected’ status for ~35% (~1,550) of products cataloged. Attackers know that existing products have embedded Log4j weaknesses, and have already used the exploit in ransomware campaigns. If you have not yet dealt with your internal Log4j patching, early 2023 would be a good time to do so.”
  • Expect at least a handful of headline-grabbing Log4j-centric attacks. “Organizations have to strive for perfection, while attackers need only persistence and luck to find that one device or service that is still exposing a weakness. We will see more organizations impacted by this, and it is vital you do what you can to ensure yours isn’t one of them.”

To request a copy of the GreyNoise 2022 Mass Exploitation Report, please visit https://www.greynoise.io/resources/greynoise-2022-mass-exploitation-report.

About GreyNoise Intelligence GreyNoise is THE source for understanding internet noise. We collect, analyze and label data on IPs that saturate security tools with noise. This unique perspective helps analysts waste less time on irrelevant or harmless activity, and spend more time focused on targeted and emerging threats. GreyNoise is trusted by Global 2000 enterprises, government organizations, top security vendors and tens of thousands of threat researchers. For more information, please visit https://www.greynoise.io/, and follow us on Twitter and LinkedIn.

About GreyNoise Intelligence

GreyNoise empowers the security teams of enterprises and global governments to act with speed and confidence by providing real-time, verifiable perimeter-based threat intelligence. This allows security teams to reduce noise in security operations, perform in-depth threat hunting campaigns, and focus on the most critical threats to their network. Our patented sensor technology enables us to collect and analyze unique threat data at-scale that no one else can. We provide the most actionable threat intelligence against mass internet scanning and exploitation, so that no attack works twice. For more information, please visit https://www.greynoise.io/, and follow us on Twitter, Mastodon and LinkedIn.

View all press releases