Top 10 most exploited vulnerabilities list released by FBI, DHS CISA
By Lisa Vaas, Sophos
May 15, 2020
When work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff.
Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misconfigurations that set them up to be targeted by malicious threat actors.
According to a new report that covers the Top 10 Routinely Exploited Vulnerabilities from the US’s cybersecurity arms – the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the FBI – the abrupt shift to work-from-home that came in March led to rapid, sometimes hasty deployment of cloud collaboration services. The resulting oversights in security configurations have left some organizations vulnerable to attack.
That’s just one of the vulnerabilities that the agencies are seeing being exploited this year by what they say are sophisticated foreign cyber actors. Another trend for 2020 is malicious cyber actors increasingly targeting unpatched Virtual Private Network (VPN) vulnerabilities. These are two of the specific VPN vulnerability attacks they’ve spotted:
Unpatched systems grease the wheels for attackers
All that for 2020, and we still haven’t even gotten to the meat of the report: the 10 most exploited vulnerabilities for the years 2016 through 2019. Before we hit that list, though, take heed of what the US cybersecurity outfits are telling us: namely, that it’s vital for IT security pros at public and private sector organizations to place “an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.”
The rationale behind the report is to provide details on vulnerabilities that are routinely exploited by foreign cyber actors – primarily Common Vulnerabilities and Exposures (CVEs) – in order for organizations to reduce the risk of these foreign threats, according to the US.
Leaving systems unpatched is making it easy as pie for those foreign threat actors. From the report:
In other words, there are ways to force attackers to work a lot harder: namely, by patching in a timely fashion, as soon as practicable when patches come out: