The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued a joint public service announcement describing the 10 most exploited vulnerabilities of 2016 to 2019. Advanced nation-state hackers exploit these vulnerabilities to break into the systems of public and private organizations and steal sensitive data.
Hacking groups linked to Russia, China, Iran, and North Korea routinely exploit the listed vulnerabilities. Their cyber actors keep attacking through these flaws even though patches that correct them are available. In some cases the patches were released five years ago, yet many organizations still have not applied them.
Exploiting any of the top 10 vulnerabilities requires fewer resources than developing a zero-day exploit, which lets attackers run more campaigns. When organizations close these vulnerabilities by applying the patches, nation-state hackers are forced to build new exploits to continue their attacks.
CISA and the FBI state in the announcement that a concerted campaign to fix these vulnerabilities would introduce friction into foreign adversaries' operational tradecraft and force them to develop or acquire exploits that are more costly and less effective. A serious patching campaign would also strengthen network security by focusing scarce defensive resources on the observed activities of foreign adversaries.
CISA and the FBI expect organizations to prioritize patching, and encourage them to dedicate more time and resources to it and to establish a program for keeping all systems patched.
The Top 10 Most Exploited Vulnerabilities
The regularly exploited vulnerabilities in the top ten list affect the following products:
- Adobe Flash Player
- Microsoft Windows
- Microsoft SharePoint
- Microsoft Office
- Microsoft .NET Framework
- Drupal
- Apache Struts
Of the ten vulnerabilities, nation-state hacking groups focus most on three related to Microsoft's OLE technology: CVE-2012-0158, CVE-2017-11882, and CVE-2017-0199. Microsoft's Object Linking and Embedding (OLE) lets documents embed content from other applications, which attackers abuse to deliver malicious content through Word documents. The fourth most exploited vulnerability is CVE-2017-5638, in the Apache Struts web framework. Attackers have exploited these vulnerabilities to deliver a range of malware payloads, including Loki, Pony/FAREIT, FINSPY, FormBook, LATENTBOT, Dridex, JexBoss, China Chopper, FinFisher, DOGCALL, Kitty, and WingBird.
The products affected by each vulnerability are listed below:
- Vulnerability CVE-2017-11882 – Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Products
- Vulnerability CVE-2017-0199 – Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1
- Vulnerability CVE-2017-5638 – Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1
- Vulnerability CVE-2012-0158 – Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; BizTalk Server 2002 SP1; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; Visual Basic 6.0; and Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2
- Vulnerability CVE-2019-0604 – Microsoft SharePoint
- Vulnerability CVE-2017-0143 – Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT
- Vulnerability CVE-2018-4878 – Adobe Flash Player before 28.0.0.161
- Vulnerability CVE-2017-8759 – Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7
- Vulnerability CVE-2015-1641 – Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1
- Vulnerability CVE-2018-7600 – Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1
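The version-bounded entries in the list above (Apache Struts, Drupal, Adobe Flash Player) can be turned into a simple patch-prioritization check: a script that reads a software inventory and flags installs whose version falls inside an affected range. The following is an added example, not code from the advisory or from CISA/FBI; the version ranges are copied from the list above, while the product labels, the CSV layout, and the inventory rows are constructed assumptions. The Microsoft entries are expressed by service pack rather than by version number, so they are not encoded here.

```python
"""Flag inventory entries that fall inside the affected version ranges
quoted in the CISA/FBI top-10 list. Added illustration; product labels
and inventory rows are constructed sample data, not from the advisory."""
import csv
import io
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'2.5.10.1' -> (2, 5, 10, 1); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))


# Each rule is (branch_prefix, first_fixed_version). A version is affected when
# it starts with branch_prefix and is strictly lower than first_fixed_version.
# An empty prefix means "any branch", i.e. a plain "before X" statement.
# Ranges below are taken verbatim from the advisory list; product labels
# ("apache-struts", "drupal", "adobe-flash") are constructed for this example.
AFFECTED: Dict[str, Dict[str, List[Tuple[Version, Version]]]] = {
    "apache-struts": {
        # 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1
        "CVE-2017-5638": [((2, 3), (2, 3, 32)), ((2, 5), (2, 5, 10, 1))],
    },
    "drupal": {
        # before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, 8.5.x before 8.5.1
        "CVE-2018-7600": [
            ((), (7, 58)),
            ((8,), (8, 3, 9)),
            ((8, 4), (8, 4, 6)),
            ((8, 5), (8, 5, 1)),
        ],
    },
    "adobe-flash": {
        # before 28.0.0.161
        "CVE-2018-4878": [((), (28, 0, 0, 161))],
    },
}


def is_affected(product: str, version_text: str) -> List[str]:
    """Return the CVE ids whose affected ranges contain this product version.
    Products not in the table yield [] (the table only encodes what the
    advisory lists, so an empty result means 'no rule', not 'safe')."""
    version = parse_version(version_text)
    hits: List[str] = []
    for cve, ranges in AFFECTED.get(product, {}).items():
        for prefix, fixed in ranges:
            if version[: len(prefix)] == prefix and version < fixed:
                hits.append(cve)
                break  # one matching range is enough for this CVE
    return hits


def check_inventory(csv_text: str) -> List[Dict[str, str]]:
    """Scan a CSV inventory (host,product,version) and report affected rows."""
    findings: List[Dict[str, str]] = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for cve in is_affected(row["product"], row["version"]):
            findings.append({"host": row["host"], "product": row["product"],
                             "version": row["version"], "cve": cve})
    return findings


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = """host,product,version
web01,apache-struts,2.3.31
web02,apache-struts,2.5.10.1
cms01,drupal,8.4.5
cms02,drupal,8.5.1
kiosk01,adobe-flash,27.0.0.187
dev01,drupal,7.58
"""

if __name__ == "__main__":
    for f in check_inventory(INVENTORY):
        print(f"{f['host']}: {f['product']} {f['version']} affected by {f['cve']}")
```

Run as-is it reports web01, cms01, and kiosk01; web02, cms02, and dev01 sit exactly at the first fixed release and are not flagged. Because the rules encode only the ranges the advisory names, a version outside every listed branch (for example Drupal 8.6.x) produces no finding, which should be read as "no rule applies" rather than "patched"; an authoritative vulnerability feed is the right source for a production scanner.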
The announcement also warns about two vulnerabilities being exploited in 2020: the Citrix vulnerability CVE-2019-19781 and the Pulse Secure VPN vulnerability CVE-2019-11510. Nation-state hackers and cybercriminals use these to target Virtual Private Network (VPN) solutions.
The rush to adopt cloud collaboration services such as Microsoft Office 365 for remote work during COVID-19 gave attackers new ways into organizations: hasty rollouts overlooked security configurations and left the services exposed. Other weaknesses are also being exploited, including poor employee awareness of phishing and social engineering. A lack of system recovery and backup options has likewise left organizations vulnerable to ransomware attacks.