FBI Unveils the Top-10 Most Exploited Cybersecurity Vulnerabilities

The FBI has been keeping tabs on the most exploited vulnerabilities for years. They also pay close attention when it appears that hacking is being perpetrated by other nations. On May 12th, they released their list of the top 10 most exploited vulnerabilities. The list is intended to help all organizations “place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors,” they say.

Typically, “sophisticated nation-state hackers” refers to China, Iran, North Korea and Russia.

“Foreign cyber actors continue to exploit publicly known – and often dated – software vulnerabilities against broad target sets, including public and private sector organizations,” the guide says. “Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available.”

All hackers tend to use the easiest tool for the job. If exploiting a simple flaw gives attackers remote access, they will use it.

Indeed, the most recent of the top 10 flaws included in the document is CVE-2019-0604, a Microsoft SharePoint vulnerability that dates from March 5, 2019 – and which was patched two days later. Many of the other flaws are much older. The most-exploited flaws involve vulnerabilities in Adobe Flash Player, Apache Struts, Drupal, Microsoft .NET Framework, Microsoft Office and numerous other types of Windows software. All of them have been patched.

As long as organizations have yet to patch older flaws, attackers will keep targeting them.

3 Flaws Targeted Above All Others
The guide says that of the 10 most targeted vulnerabilities, attackers associated with China, Iran, North Korea and Russia most often target just three of them: CVE-2017-11882, CVE-2017-0199 and CVE-2012-0158. All involve vulnerabilities in Microsoft’s object linking and embedding – OLE – technology. “OLE allows documents to contain embedded content from other applications such as spreadsheets,” the guide notes. “After OLE, the second-most reported vulnerable technology was … Apache Struts.”

It’s not only nation-state attackers that continue to target these flaws, as the guide makes clear. Some commonly used hacking tools also exploit them, such as Dridex, a banking credential stealer in use since 2015; Loki, an info stealer first detected in 2016; Kitty, a cryptojacker that first appeared in 2018; and others that are readily available on the market or even offered as a service.

Prioritize Fixes
In all cases, the solution for mitigating the risk posed by the 10 vulnerabilities remains clear: Update or upgrade all versions of the software present in an organization to a version that includes patches.

Of course, the 10 vulnerabilities are only a fraction of the flaws that need fixing in any given organization, and that backlog grows with every day that goes by. That’s why having a robust remediation program in place is so essential.

When a government cybersecurity or intelligence agency issues a warning about attacks, it’s because it’s been seeing a sufficient volume of them to cause concern. Organizations need to ensure the 10 most-exploited vulnerabilities included in the CISA and FBI list have been fixed.

Unfortunately, many organizations still have unpatched vulnerabilities. One of the top 10 vulnerabilities most exploited by sophisticated nation-state attackers up to December 2019 has been in use since 2015. As long as the top 10 vulnerabilities remain unpatched, expect nation-state actors and criminal groups to keep targeting them.
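As an added illustration of the prioritization the article calls for (this is not code from the article or from the CISA/FBI alert), the following Python script takes a vulnerability scanner export and orders the open findings so that the CVEs on the most-exploited list are remediated first, with the three OLE flaws the guide singles out at the very top. The priority set here contains only the four CVEs the article names; the full list lives at the alert URL. The CSV export format, the host names and the scan rows are all constructed for the example.

```python
import csv
import io
from dataclasses import dataclass
from typing import Iterable, List

# CVEs the article names from the CISA/FBI AA20-133A list. The full list is
# published at the alert URL; extend this set from there in real use.
TOP_EXPLOITED = frozenset({"CVE-2017-11882", "CVE-2017-0199", "CVE-2012-0158", "CVE-2019-0604"})
# The three OLE flaws the guide says are targeted above all others.
MOST_TARGETED = frozenset({"CVE-2017-11882", "CVE-2017-0199", "CVE-2012-0158"})

# Constructed scanner export (not real scan data, format assumed: host,cve,cvss).
# CVE-0000-0001 is a placeholder standing in for any CVE not on the list.
SAMPLE_EXPORT = """host,cve,cvss
fileserver-02,CVE-2017-11882,7.8
web-01,CVE-0000-0001,9.8
sharepoint-01,CVE-2019-0604,9.8
desk-17,CVE-2012-0158,8.8
desk-17,CVE-2017-0199,7.8
"""


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float  # scanner's base score, used only to break ties within a tier


def parse_export(text: str) -> List[Finding]:
    """Read the assumed host,cve,cvss CSV into Finding records."""
    reader = csv.DictReader(io.StringIO(text))
    return [Finding(r["host"].strip(), r["cve"].strip().upper(), float(r["cvss"]))
            for r in reader]


def tier(cve: str) -> int:
    """0 = most-targeted OLE flaws, 1 = rest of the most-exploited list, 2 = everything else."""
    if cve in MOST_TARGETED:
        return 0
    if cve in TOP_EXPLOITED:
        return 1
    return 2


def triage(findings: Iterable[Finding]) -> List[Finding]:
    """Remediation order: list membership first, then CVSS, then host/CVE for a stable result."""
    return sorted(findings, key=lambda f: (tier(f.cve), -f.cvss, f.host, f.cve))


def listed_still_open(findings: Iterable[Finding]) -> List[str]:
    """Which of the listed CVEs still appear in the export, i.e. remain unpatched somewhere."""
    return sorted({f.cve for f in findings if f.cve in TOP_EXPLOITED})


if __name__ == "__main__":
    findings = parse_export(SAMPLE_EXPORT)
    for f in triage(findings):
        print(f"tier {tier(f.cve)}  {f.host:<14} {f.cve:<16} cvss {f.cvss}")
    print("listed CVEs still open:", ", ".join(listed_still_open(findings)))
```

Note that a raw CVSS sort would put the placeholder 9.8 finding on web-01 first; tiering by the exploited list instead puts the three OLE flaws ahead of it, which is the point the article makes about prioritizing what attackers are actually using over what merely scores highest.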

For the full FBI and CISA list go to: https://www.us-cert.gov/ncas/alerts/aa20-133a

For help addressing your cybersecurity infrastructure, call ITPAC today.