Top 10 Commonly Exploited Vulnerabilities Between 2016-2019

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. government released a list of the top ten commonly exploited security vulnerabilities between 2016 and 2019. The agencies issued a security alert (AA20-133A) through the National Cyber Awareness System (NCAS) to help security professionals in public and private organizations prioritize patching the most common vulnerabilities in their security environments. The alert provides details on Common Vulnerabilities and Exposures (CVEs) that are routinely exploited by foreign threat actors.

“The public and private sectors could degrade some foreign cyber threats to U.S. interests through an increased effort to patch their systems and implement programs to keep system patching up to date,” CISA said.

“A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries’ operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective. A concerted patching campaign would also bolster network security by focusing scarce defensive resources on the observed activities of foreign adversaries,” CISA added.

The CVE list includes:

| Vulnerability | Associated Malware |
|---|---|
| CVE-2017-11882 | Loki, FormBook, Pony/FAREIT |
| CVE-2017-0199 | FINSPY, LATENTBOT, Dridex |
| CVE-2017-5638 | JexBoss |
| CVE-2012-0158 | Dridex |
| CVE-2019-0604 | China Chopper |
| CVE-2017-0143 | Multiple using the EternalSynergy and EternalBlue Exploit Kit |
| CVE-2018-4878 | DOGCALL |
| CVE-2017-8759 | FINSPY, FinFisher, WingBird |
| CVE-2015-1641 | Toshliph, Uwarrior |
| CVE-2018-7600 | Kitty |

Data Source: us-cert.gov

Most Exploited Bugs

The alert stated that threat actors most often exploited bugs in Microsoft’s Object Linking and Embedding (OLE) technology, with the Apache Struts web framework being the second-most-reported vulnerable technology. “Of the top 10, the three vulnerabilities used most frequently across state-sponsored cyber actors from China, Iran, North Korea, and Russia are CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158. All three of these vulnerabilities are related to Microsoft’s OLE technology,” CISA said.

Vulnerabilities Exploited in 2020

The U.S. government also reported vulnerabilities that are routinely exploited by state-sponsored actors in 2020, which include:

  • CVE-2019-19781 – An arbitrary code execution vulnerability in Citrix VPN appliances.
  • CVE-2019-11510 – An arbitrary file reading vulnerability in Pulse Secure VPN servers that continues to be an attractive target for malicious actors.

Cybersecurity weaknesses like poor employee education on social engineering attacks and a lack of system recovery and contingency plans continue to make organizations susceptible to ransomware attacks in 2020.

“March 2020 brought an abrupt shift to work-from-home that necessitated, for many organizations, rapid deployment of cloud collaboration services, such as Microsoft Office 365 (O365). Malicious cyber actors are targeting organizations whose hasty deployment of Microsoft O365 may have led to oversights in security configurations and vulnerable to attack,” CISA added.

CISA and NCSC Release Joint Advisory

In a recent development, cybersecurity officials at the U.K. National Cyber Security Centre (NCSC), the U.S. Department of Homeland Security (DHS), and CISA stated that cybercriminals and advanced persistent threat (APT) groups are targeting individuals and organizations with a variety of ransomware and malware attacks, exploiting the COVID-19 outbreak for their personal gain. The security agencies have released a joint advisory describing the growing number of attackers and other malicious groups in the U.K. and the U.S.