2022's Top Exploited Cyber Vulnerabilities Revealed
by Barry McIntyre on August 10, 2023 at 5:20 AM
A consortium of leading cybersecurity agencies from the United States, United Kingdom, Canada, Australia, and New Zealand has jointly released a cybersecurity advisory to raise awareness of malicious cyber actors' continued exploitation of older, long-patched software vulnerabilities, and has listed the top 12 vulnerabilities that were routinely exploited in 2022.
In the advisory, the coalition of cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the National Cyber Security Centre (NCSC-UK), highlighted the critical importance of promptly updating systems to safeguard against cyber threats and encouraged organizations to take proactive measures.
Attackers Exploited Outdated Vulnerabilities Instead of Recently Disclosed Flaws
The advisory draws attention to the fact that, throughout the previous year, cyber attackers focused on exploiting a significant number of older software vulnerabilities rather than recently disclosed flaws.
The advisory revealed that more than half of the top vulnerabilities listed for 2022 also appeared on the previous year's list. This continuity underscores the persistence of malicious cyber actors, who keep exploiting well-known flaws in internet-facing systems even though security updates that fix them have been available for some time.
According to the NCSC-UK, attackers are most successful at exploiting a vulnerability within the first two years of its public disclosure, and cybercriminals choose their targets within that window to maximize their impact. Consequently, the advisory stresses that organizations must apply security updates promptly to mitigate such threats effectively.
The Top 12 Routinely Exploited Vulnerabilities for 2022
The advisory presented a comprehensive list of the top 12 routinely exploited vulnerabilities for 2022:
| CVE | Vendor | Product | Type |
| --- | --- | --- | --- |
| | Fortinet | FortiOS and FortiProxy | SSL VPN credential exposure |
| CVE-2021-34473 | Microsoft | Exchange Server | RCE |
| CVE-2021-31207 | Microsoft | Exchange Server | Security Feature Bypass |
| CVE-2021-34523 | Microsoft | Exchange Server | Elevation of Privilege |
| | Zoho ManageEngine | ADSelfService Plus | RCE/Authentication Bypass |
| | Atlassian | Confluence Server and Data Center | Arbitrary code execution |
| CVE-2021-44228 | Apache | Log4j2 | RCE |
| | VMware | Workspace ONE Access and Identity Manager | RCE |
| | VMware | Workspace ONE Access, Identity Manager, and vRealize Automation | Improper Privilege Management |
| | F5 Networks | BIG-IP | Missing Authentication Vulnerability |
| | Microsoft | Multiple Products | RCE |
| | Atlassian | Confluence Server and Data Center | RCE |
What Can Be Done to Mitigate These Threats?
The cybersecurity agencies urge software vendors, designers, developers, and end-user organizations to implement a series of mitigations to bolster their cyber defenses against these persistent threats:
For Vendors, Designers, and Developers:
- Implement secure-by-design and -default principles to minimize vulnerabilities in software.
- Follow the Secure Software Development Framework (SSDF) and integrate secure design practices into all stages of the software development life cycle (SDLC).
- Establish a coordinated vulnerability disclosure program that investigates the root causes of identified vulnerabilities.
- Prioritize secure-by-default configurations, including eliminating default passwords and requiring additional configuration changes to enhance security.
- Ensure published Common Vulnerabilities and Exposures (CVEs) include proper Common Weakness Enumeration (CWE) field identification for vulnerability root causes.
For End-User Organizations:
- Apply patches promptly to systems and, where the identified CVEs have not yet been patched, check the affected systems for signs of compromise.
- Implement a centralized patch management system to streamline updates.
- Deploy security tools like endpoint detection and response (EDR), web application firewalls, and network protocol analyzers.
- Engage software providers to discuss secure-by-design programs and obtain information on efforts to remove vulnerability classes and establish secure default settings.
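The two end-user recommendations that lend themselves to automation are patching the advisory's CVEs first and checking still-unpatched hosts for compromise. The script below, an added example that is not code from the advisory or from the article, cross-checks an asset inventory against the CVE list and ranks the gaps. It uses only the CVE identifiers printed in the table above (rows whose identifier the table omits should be completed from the advisory itself); the hostnames, patch state and `SAMPLE_ASSETS` inventory are constructed sample data, and the two-year window is this example's encoding of the NCSC-UK observation quoted earlier.

```python
"""Prioritise patching by cross-checking an asset inventory against the
advisory's list of routinely exploited CVEs.

Added example; not code from the advisory or the article. Only the CVE IDs
printed in the article's table are used. The inventory is constructed sample
data, and the two-year window reflects the NCSC-UK observation summarised in
the article.
"""
from dataclasses import dataclass, field
from datetime import date

# CVE -> (vendor, product, type), taken from the article's table.
ADVISORY_CVES = {
    "CVE-2021-34473": ("Microsoft", "Exchange Server", "RCE"),
    "CVE-2021-31207": ("Microsoft", "Exchange Server", "Security Feature Bypass"),
    "CVE-2021-34523": ("Microsoft", "Exchange Server", "Elevation of Privilege"),
    "CVE-2021-44228": ("Apache", "Log4j2", "RCE"),
}


@dataclass
class Asset:
    """One deployed product instance (constructed data, hypothetical hosts)."""
    hostname: str
    vendor: str
    product: str
    internet_facing: bool
    patched_cves: set = field(default_factory=set)


def cve_year(cve_id: str) -> int:
    """Year component of a CVE identifier, e.g. CVE-2021-44228 -> 2021."""
    return int(cve_id.split("-")[1])


def exposure_report(assets, today, window_years=2):
    """Return unpatched advisory CVEs per asset, most urgent first.

    Ordering: internet-facing assets first, then CVEs still inside the
    exploitation window, then remote code execution before other types.
    """
    findings = []
    for asset in assets:
        for cve, (vendor, product, vtype) in ADVISORY_CVES.items():
            if (vendor, product) != (asset.vendor, asset.product):
                continue
            if cve in asset.patched_cves:
                continue
            age = today.year - cve_year(cve)
            findings.append({
                "hostname": asset.hostname,
                "cve": cve,
                "type": vtype,
                "internet_facing": asset.internet_facing,
                "age_years": age,
                "in_window": age <= window_years,
            })
    findings.sort(key=lambda f: (
        not f["internet_facing"],
        not f["in_window"],
        f["type"] != "RCE",
        f["hostname"],
        f["cve"],
    ))
    return findings


def hosts_needing_compromise_check(report):
    """Hosts with any unpatched advisory CVE: the advisory recommends checking
    these for signs of compromise, not only patching them."""
    return sorted({f["hostname"] for f in report})


# Constructed inventory: hostnames and patch state are invented for the demo.
SAMPLE_ASSETS = [
    Asset("mail01", "Microsoft", "Exchange Server", True,
          {"CVE-2021-34473", "CVE-2021-31207"}),
    Asset("mail02", "Microsoft", "Exchange Server", True),
    Asset("app01", "Apache", "Log4j2", False),
    Asset("app02", "Apache", "Log4j2", True, {"CVE-2021-44228"}),
]

if __name__ == "__main__":
    report = exposure_report(SAMPLE_ASSETS, date(2023, 8, 10))
    for f in report:
        flag = "EXTERNAL" if f["internet_facing"] else "internal"
        print(f"{f['hostname']:8} {f['cve']} {f['type']:24} {flag} "
              f"age={f['age_years']}y in_window={f['in_window']}")
    print("check for compromise:", hosts_needing_compromise_check(report))
```

Running it against the sample inventory lists the fully unpatched, internet-facing `mail02` first (its RCE ahead of its other two gaps), the partially patched `mail01` next, the internal `app01` last, and `app02` not at all, since its only advisory CVE is patched. The sort key is deliberately explicit so that a team can reorder the criteria to match its own risk model without touching the matching logic.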
The advisory highlights the collective responsibility shared by software stakeholders, organizations, and end-users to safeguard against cyber threats. By acting on the recommendations outlined in the advisory, stakeholders can contribute to a more secure digital landscape and thwart the efforts of malicious cyber actors seeking to exploit outdated vulnerabilities.
You can read the full joint cybersecurity advisory, which provides more information and lists additional vulnerabilities that were routinely exploited in 2022.