SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Top 10 most exploited vulnerabilities list released by FBI, DHS CISA

By Lisa Vaas, Sophos

May 15, 2020

When work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff.

Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misconfigurations that set them up to be targeted by malicious threat actors?

According to a new report that covers the Top 10 Routinely Exploited Vulnerabilities from the US’s cybersecurity arms – the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the FBI – the abrupt shift to work-from-home that came in March led to rapid, sometimes hasty deployment of cloud collaboration services. The resulting oversights in security configurations have left some organizations vulnerable to attack.

That’s just one of the vulnerabilities that the agencies are seeing being exploited this year by, what they say are, sophisticated foreign cyber actors. Another trend for 2020 is malicious cyber actors who are increasingly targeting unpatched Virtual Private Network (VPN) vulnerabilities. These are two of the specific VPN vulnerability attacks they’ve spotted:

  • An arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781, that’s been detected in exploits in the wild. Citrix shipped patches as vulnerable servers came under attack in January. As we noted at the time, Citrix was vague about what the flaw would enable attackers to do, but based on analysis of Citrix’s proposed mitigations, the speculation was that the issue allows directory traversal: in other words, offering attackers a way to access nrestricted directories without having to authenticate.
  • An arbitrary file-reading vulnerability in Pulse Secure VPN servers, known as CVE-2019-11510, that’s still attracting malicious actors. What’s sob-worthy is that in spite of patches having been available since April 2019, as of January 2020, attackers were still using the flaws to sneak onto unpatched servers, break into company networks and install the REvil (Sodinokibi) ransomware.

Unpatched systems grease the wheels for attackers

All that for 2020, and we still haven’t even gotten to the meat of the report: the 10 most exploited vulnerabilities for the years 2016 through 2019. Before we hit that list, though, take heed of what the US cybersecurity outfits are telling us: namely, that it’s vital for IT security pros at public and private sector organizations to place “an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.”

The rationale behind the report is to provide details on vulnerabilities that are routinely exploited by foreign cyber actors – primarily Common Vulnerabilities and Exposures (CVEs) – in order for organizations to reduce the risk of these foreign threats, according to the US.

Leaving systems unpatched is making it easy as pie for those foreign threat actors. From the report:

Foreign cyber actors continue to exploit publicly known – and often dated – software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available.

In other words, there are ways to force attackers to work a lot harder: namely, by patching in a timely fashion, as soon as practicable when patches come out:

The public and private sectors could degrade some foreign cyber threats to U.S. interests through an increased effort to patch their systems and implement programs to keep system patching up to date. A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries’ operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective. A concerted patching campaign would also bolster network security by focusing scarce defensive resources on the observed activities of foreign adversaries.

Terms of Use | Copyright © 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement