The Cybersecurity & Infrastructure Security Agency (CISA), the FBI, and the US government recently issued an alert about the Top 10 Routinely Exploited Vulnerabilities found by the US government between 2016 and 2019.
The alert gives organizations a list of vulnerabilities, most of them identified by their Common Vulnerabilities and Exposures (CVE) numbers, that cybercriminals repeatedly exploit.
Although many cybercriminals look for and target zero-day vulnerabilities, known vulnerabilities have the advantage of requiring far fewer resources than zero-day exploits, so they can be used to target both the public and private sectors extensively.
Top 10 Most Exploited Vulnerabilities Of 2016–2019
The list below, in no particular order, is where to focus a concerted patching campaign: the Top 10 Most Exploited Vulnerabilities for 2016-2019.
The list of associated malware given for each CVE is not exhaustive. Rather, it aims to identify a family of malware commonly associated with exploiting that CVE. The list is also available as a PDF. The US government also provides mitigations for the vulnerabilities exploited mostly in 2020.
- CVE-2017-11882 – a remote code execution vulnerability in Microsoft Office products that has been used by a variety of malware to bypass the security measures of vulnerable computers. The flaw has been known since 2017, but actually dates back to a buggy Office component compiled in November 2000: Microsoft Equation Editor.
- CVE-2017-0199 – this remote code execution vulnerability in Microsoft Office enables an intruder to run malware on a user’s computer via a booby-trapped document. It is often used by banking and spyware trojans such as Dridex.
- CVE-2017-5638 – a remote code execution flaw in Apache Struts, most infamously exploited in the major Equifax data breach of 2017.
- CVE-2012-0158 – This flaw in Windows ActiveX is still unpatched on many people’s computers, despite being eight years old, and is exploited by the likes of the Dridex banking trojan.
- CVE-2019-0604 – A SharePoint remote code execution bug that was blamed for a mid-2019 assault that eventually saw hackers access UN systems in Geneva and exfiltrate classified information held by the UN High Commissioner for Human Rights (OHCHR).
- CVE-2017-0143 – a remote code execution vulnerability in Microsoft SMB that has been incorporated into the EternalSynergy and EternalBlue exploit kits.
- CVE-2018-4878 – a flaw in Adobe Flash Player that was first successfully abused by cybercriminals early in 2018.
- CVE-2017-8759 – a remote code execution flaw in the Microsoft .NET Framework, exploited to deliver the infamous FinFisher spyware.
- CVE-2015-1641 – this bug in Microsoft Office enables an attacker to execute malicious code on a target’s computer with a booby-trapped RTF document.
- CVE-2018-7600 – a critical Drupal core vulnerability exploited by cybercriminals to run the so-called Kitty crypto-mining code.
IT security professionals are advised to use this list in addition to a similar one recently compiled by Recorded Future, which focuses on the ten most exploited cybercrime vulnerabilities of 2019.
In addition to all of these flaws, CISA points to several others which were heavily exploited in 2020:
- CVE-2019-11510 (affecting Pulse Secure VPN servers)
- CVE-2019-19781 (affecting Citrix VPN appliances)
Vulnerabilities in Virtual Private Network (VPN) solutions are another area that has seen a rise in activity since 2019, when exploit code for several notable VPN products became publicly available. We anticipate that many of these flaws will continue to be leveraged by all kinds of bad actors, because many organizations follow the “if it isn’t broken, don’t fix it” approach and leave them unpatched.
Moral Of the Story
“This list is indicative of a trend that we frequently see nowadays: cybercriminals tend to take advantage of known yet unpatched vulnerabilities. Finding or acquiring zero-day vulnerabilities is an expensive endeavor, and leveraging unpatched bugs with publicly available exploit code would get them to their end goal in the quickest and cheapest possible way. Also, the need to stress and focus more on cybersecurity has become a concern of paramount importance,” said Mr. Manish Chaudhari, CISO of Cybernetic Global Intelligence (CGI), an Australian cybersecurity company.
This list is a solid reminder that basic cyber hygiene and system maintenance are important. Knowing what vulnerabilities bad actors are actively exploiting and prioritizing their remediation is one of the most effective ways of reducing the risk. Each firm should, therefore, utilize the assistance of well-trained, highly skilled professionals, and specialized services to protect data and safeguard the digital infrastructure!
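As an added illustration of the prioritization the article recommends (example code written for this page, not part of the original article or the CISA alert), the Python script below cross-references a constructed vulnerability-scanner export against the CVEs named above and moves known-exploited findings to the front of the remediation queue regardless of their CVSS score. The CSV column names, the hostnames and the CVE-0000-0001 placeholder are assumptions.

```python
import csv
import io
import re
# CVEs named in the CISA/FBI alert summarised above: the Top 10 for 2016-2019
# plus the two 2020 VPN flaws it calls out.
KNOWN_EXPLOITED = frozenset({
    "CVE-2017-11882", "CVE-2017-0199", "CVE-2017-5638", "CVE-2012-0158",
    "CVE-2019-0604", "CVE-2017-0143", "CVE-2018-4878", "CVE-2017-8759",
    "CVE-2015-1641", "CVE-2018-7600", "CVE-2019-11510", "CVE-2019-19781",
})
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

def normalize_cve(raw):
    """Canonical 'CVE-YYYY-NNNN' id (upper-case, trimmed), or None if no CVE is present."""
    m = CVE_RE.search(raw or "")
    return m.group(0).upper() if m else None

def prioritize(scan_csv):
    """Order findings (host,cve,cvss columns) for remediation: known-exploited CVEs first
    regardless of CVSS, then the rest by CVSS desc; duplicate (host,cve) rows keep the max CVSS."""
    best = {}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        cve = normalize_cve(row.get("cve"))
        if cve is None:
            continue  # the scanner could not tie this row to a CVE
        try:
            cvss = float(row.get("cvss") or 0.0)
        except ValueError:
            cvss = 0.0  # unparsable score: treat as unknown, not as high
        key = (row["host"].strip(), cve)
        best[key] = max(best.get(key, 0.0), cvss)
    findings = [{"host": h, "cve": c, "cvss": s, "known_exploited": c in KNOWN_EXPLOITED}
                for (h, c), s in best.items()]
    findings.sort(key=lambda f: (not f["known_exploited"], -f["cvss"], f["host"]))
    return findings

# Constructed sample export (assumed column names); hosts, scores and the
# CVE-0000-0001 placeholder id are made up for illustration.
SAMPLE_SCAN = """host,cve,cvss
web-01,CVE-0000-0001,9.8
web-01,cve-2017-5638,8.1
web-01, CVE-2017-5638 ,9.0
mail-02,CVE-2017-11882,7.8
vpn-01,CVE-2019-11510,10.0
dev-03,not-a-cve,5.0
"""
if __name__ == "__main__":
    for f in prioritize(SAMPLE_SCAN):
        print(f"{f['host']:8} {f['cve']:16} {f['cvss']:5} {'KNOWN-EXPLOITED' if f['known_exploited'] else ''}")
```

Note that the placeholder finding with the highest CVSS (9.8) lands last because it is not on the known-exploited list, which is the point of using exploitation data rather than severity alone to order patching.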