According to the 2021 X-Force Threat Intelligence Index, scanning for and exploiting vulnerabilities was the top infection vector of 2020. Up to one in three data breaches stemmed from unpatched software vulnerabilities. Take a look at this list of vulnerabilities or design flaws with no official Microsoft fix. In any case, one in three might be a low-ball estimate given the increase in unpatched vulnerability attacks. How do defenders stop them?
Attacks have become more diverse over time. For example, some Linux vulnerability attackers don’t want your trade secrets. Instead, they hijack computing resources for cryptomining, which can go on for months before detection. Meanwhile, threat actors can also set up web shells to install ransomware. By maintaining the shell, they can sell remote access to your web server.