Researchers at Digital Shadows identified over 260 vulnerabilities that they witnessed threat actors exploiting in the final quarter of 2021. Approximately one-third of the vulnerabilities were used in ransomware deployment campaigns. The vulnerabilities varied in risk and in the devices and software they affected, and some never made the news. With bigger vulnerabilities such as Log4j taking the spotlight during that time, it is not uncommon to miss patch releases for smaller software and devices. Patch management can be one of the hardest tasks in IT, especially for organizations with large networks. These 260 vulnerabilities still commonly go unpatched, which leaves organizations open to major security risks.
IT professionals should keep an outline of the systems they have implemented and review these products regularly to ensure there are no outstanding security patches. Updates and patches should always be tested before production implementation to confirm that they have no negative side effects, but they should be implemented as soon as possible. Threat actors often prey on victims that have not patched even the smallest security vulnerabilities, using them as an initial attack vector to infect a company. More examples of the commonly unpatched products being attacked can be found in the source article.