Intelligence agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The Five Eyes agencies say threat actors mainly targeted internet-facing systems that had not been patched against older, known vulnerabilities, including flaws for which proof-of-concept (PoC) exploit code is publicly available.
“Malicious cyber actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure; the value of such vulnerabilities gradually decreases as software is patched or upgraded. Timely patching reduces the effectiveness of known, exploitable vulnerabilities, possibly decreasing the pace of malicious cyber actor operations,” the agencies note.[1]
Threat actors, the agencies say, likely focus on exploits for severe vulnerabilities with wide impact, which give them “low-cost, high-impact tools” that remain usable for years, and prioritize exploits for bugs that affect the networks of their specific targets.
Throughout 2022, the reporting agencies observed frequent exploitation of 12 vulnerabilities, some of which had also been exploited in earlier attacks even though patches have been available for years.
The list includes:
- CVE-2018-13379 (Fortinet SSL VPNs)
- CVE-2021-34473, CVE-2021-31207, CVE-2021-34523 (Microsoft Exchange, ProxyShell)
- CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus)
- CVE-2021-26084, CVE-2022-26134 (Atlassian Confluence)
- CVE-2021-44228 (Log4Shell)
- CVE-2022-22954, CVE-2022-22960 (VMware products)
- CVE-2022-1388 (F5 BIG-IP)
- CVE-2022-30190 (Windows, Follina)
Additionally, the Five Eyes agencies call attention to 30 other known vulnerabilities that were routinely exploited in attacks in 2022, in products from:
- Apache
- Citrix
- F5 Networks
- Fortinet
- Ivanti
- Microsoft
- Oracle
- QNAP
- SAP
- SonicWall
- VMware
- WSO2
- Zimbra
Vendors and developers are advised to audit their environments to identify classes of exploited vulnerabilities and eliminate them, implement secure design practices, prioritize secure-by-default configurations, and follow the Secure Software Development Framework (SSDF).
End-user organizations are advised to:
- Apply available software updates and patches in a timely manner
- Perform secure system backups
- Maintain a cybersecurity incident response plan
- Implement robust identity and access management policies
- Ensure that internet-facing network devices are secured
- Implement Zero Trust Network Architecture (ZTNA)
- Improve their supply-chain security
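One way to put the advisory to work is to triage vulnerability-scanner output against the 12 CVEs it names, weighting findings by the factors the agencies highlight: membership on the known-exploited list, internet exposure, and a patch that has been available for a long time. The following is an added example written for this article, not code from the Five Eyes advisory or from Red Sky Alliance; the scoring weights, the `Finding` record, the `today` date and the scanner findings (including the placeholder id `CVE-2023-00000`, which is not a real CVE) are all constructed for illustration.

```python
"""Rank scanner findings by how closely they match the Five Eyes 2022
advisory's risk signals.  Added example with constructed data; the weights
below are this example's own heuristic, not part of the advisory."""
from dataclasses import dataclass
from datetime import date

# The 12 CVEs listed in the article, keyed to the product named there.
TOP_EXPLOITED_2022 = {
    "CVE-2018-13379": "Fortinet SSL VPN",
    "CVE-2021-34473": "Microsoft Exchange (ProxyShell)",
    "CVE-2021-31207": "Microsoft Exchange (ProxyShell)",
    "CVE-2021-34523": "Microsoft Exchange (ProxyShell)",
    "CVE-2021-40539": "Zoho ManageEngine ADSelfService Plus",
    "CVE-2021-26084": "Atlassian Confluence",
    "CVE-2022-26134": "Atlassian Confluence",
    "CVE-2021-44228": "Log4Shell",
    "CVE-2022-22954": "VMware",
    "CVE-2022-22960": "VMware",
    "CVE-2022-1388": "F5 BIG-IP",
    "CVE-2022-30190": "Windows (Follina)",
}


@dataclass(frozen=True)
class Finding:
    """One scanner result (constructed shape, not a real scanner's schema)."""
    host: str
    cve: str
    internet_facing: bool
    patch_available: bool


def normalize_cve(raw: str) -> str:
    """Canonicalise a CVE id: drop stray whitespace (ids are often split
    across line breaks in copied reports) and upper-case the prefix."""
    return "".join(raw.split()).upper()


def cve_year(cve: str) -> int:
    """Return the disclosure year encoded in a CVE id, rejecting malformed ids."""
    parts = normalize_cve(cve).split("-")
    if len(parts) != 3 or parts[0] != "CVE" or not parts[1].isdigit():
        raise ValueError(f"not a CVE id: {cve!r}")
    return int(parts[1])


def score_finding(f: Finding, today: date):
    """Score one finding and explain the score.  Signals mirror the advisory:
    known-exploited list membership, internet exposure, and an old,
    patchable bug (the first-two-years window the agencies describe)."""
    cve = normalize_cve(f.cve)
    score, reasons = 0, []
    if cve in TOP_EXPLOITED_2022:
        score += 10
        reasons.append(f"on Five Eyes 2022 list ({TOP_EXPLOITED_2022[cve]})")
    if f.internet_facing:
        score += 5
        reasons.append("internet-facing")
    age = today.year - cve_year(cve)
    if f.patch_available and age > 0:
        score += min(age, 5)  # cap so very old bugs do not dominate
        reasons.append(f"patch available, CVE is {age} year(s) old")
    return score, "; ".join(reasons) or "no urgency signals"


def triage(findings, today=date(2023, 8, 3)):
    """Return (score, reason, finding) tuples, most urgent first; ties are
    broken by host name so the ordering is deterministic."""
    ranked = [(*score_finding(f, today), f) for f in findings]
    ranked.sort(key=lambda r: (-r[0], r[2].host))
    return ranked


# Constructed scanner output for demonstration.
SAMPLE_FINDINGS = [
    Finding("web01", "CVE-2021- 44228", internet_facing=True, patch_available=True),
    Finding("db02", "CVE-2023-00000", internet_facing=False, patch_available=True),
    Finding("vpn01", "CVE-2018-13379", internet_facing=True, patch_available=True),
    Finding("app03", "CVE-2022-26134", internet_facing=False, patch_available=True),
]

if __name__ == "__main__":
    for score, reason, f in triage(SAMPLE_FINDINGS):
        print(f"{score:>3}  {f.host:<6} {normalize_cve(f.cve):<15} {reason}")
```

Run as a script, the Fortinet VPN finding ranks first (on the list, exposed, five years old with a fix available), ahead of the exposed Log4Shell host and the internal Confluence server, while the placeholder finding scores zero. The point of the `reason` string is auditability: a patch-prioritisation queue is only useful if the people working it can see why an item was ranked where it was.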
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
[1] https://www.securityweek.com/five-eyes-agencies-call-attention-to-most-frequently-exploited-vulnerabilities/