Application Security Predictions For 2023


JP oversees the Research and Innovation teams that keep Onapsis on the cutting-edge of the business-critical application security market.

In 2021, we commenced the year reeling from the aftermath of the hack involving SolarWinds, and in 2022, organizations were left dealing with the discovery of the Log4j zero-day vulnerability, dubbed Log4shell. In the months following its discovery, attackers continued finding ways to exploit unpatched Log4j flaws. Despite countless warnings, many organizations failed to apply the necessary mitigations, leaving them highly vulnerable.

Unfortunately, the Log4j catastrophe only set the stage for the remainder of the year. In the past year, we saw a ransomware attack place an entire country in a state of emergency and numerous well-known brands hit by data breaches, among countless other incidents. We also witnessed hackers deploying new sophisticated techniques to directly target organizations’ business-critical applications, such as the Elephant Beetle organized financial theft scheme in early 2022.

With the proliferation of zero-day and unpatched known vulnerabilities on critical business applications combined with threat actors’ ever-evolving sophisticated tactics, organizations should be prepared to face any threat that comes their way. Here are a few predictions for what’s in store in 2023.

There is still room for the next Log4j flaw.

Log4shell has had a significant impact on enterprises across the globe, and many are still feeling its effects today. Nearly every software supply chain vendor has had to patch the infamous vulnerability, highlighting just how difficult it can be to fix flaws located in widely used libraries.

Unfortunately, there are many organizations that have yet to apply the patches, and adversaries are catching on. Cybercriminals are still taking advantage of unpatched Log4j flaws more than one year after its discovery. In September 2022, the Lazarus hacking group was found exploiting the Log4j vulnerability to attack energy companies and perform cyber espionage campaigns.

We can expect to see even more incidents around Log4j exploits in 2023. In addition, we’ll likely see cybercriminals seeking…
