“Uncovering the Achilles’ Heel: Five Eyes Agencies Expose Ongoing Vulnerabilities”

Five Eyes Government Agencies Call Attention to Most Frequently Exploited Vulnerabilities

Introduction

Government agencies in Australia, Canada, New Zealand, the UK, and the US have recently published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The report notes that threat actors mainly targeted internet-facing systems that had not been patched against older, known vulnerabilities. It also stresses the importance of timely patching and observes that known vulnerabilities lose value to attackers as software is patched or upgraded.

The Most Exploited Vulnerabilities

Throughout 2022, the reporting agencies observed the frequent exploitation of twelve vulnerabilities, some of which had been exploited in previous attacks as well, despite patches being available for years. The vulnerabilities listed include:

  1. CVE-2018-13379 (Fortinet SSL VPNs)
  2. CVE-2021-34473, CVE-2021-31207, CVE-2021-34523 (Microsoft Exchange, ProxyShell)
  3. CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus)
  4. CVE-2021-26084, CVE-2022-26134 (Atlassian Confluence)
  5. CVE-2021-44228 (Log4Shell)
  6. CVE-2022-22954, CVE-2022-22960 (VMware products)
  7. CVE-2022-1388 (F5 BIG-IP)
  8. CVE-2022-30190 (Windows, Follina)

Additional Vulnerabilities of Concern

In addition to the most frequently exploited vulnerabilities, the report also calls attention to 30 other known vulnerabilities that were routinely exploited in attacks in 2022. These vulnerabilities affected products from Apache, Citrix, F5 Networks, Fortinet, Ivanti, Microsoft, Oracle, QNAP, SAP, SonicWall, VMware, WSO2, and Zimbra.

Recommendations for Vendors and Developers

The report advises vendors and developers to take the following steps to mitigate the risk of exploitation:

  1. Audit their environments to identify classes of exploited vulnerabilities and eliminate them
  2. Implement secure design practices
  3. Prioritize secure-by-default configurations
  4. Follow the Secure Software Development Framework (SSDF)

Recommendations for End-User Organizations

The report also provides recommendations for end-user organizations to enhance their security posture:

  1. Apply available software updates and patches in a timely manner
  2. Perform secure system backups
  3. Maintain a cybersecurity incident response plan
  4. Implement robust identity and access management policies
  5. Ensure that internet-facing network devices are secured
  6. Implement Zero Trust Network Architecture (ZTNA)
  7. Improve supply-chain security

Internet Security and the Vulnerability Landscape

The publication of this list of frequently exploited vulnerabilities serves as a reminder of the importance of maintaining robust internet security practices. In the digital age, our reliance on software and online services has made us more vulnerable to cyber threats. The exploitation of known vulnerabilities can be particularly damaging, as threat actors can leverage these vulnerabilities to gain unauthorized access to critical systems and sensitive information.

The Achilles’ Heel of Software

Software vulnerabilities can be seen as the Achilles’ heel of the digital world. As technology advances at a rapid pace, software evolves and new vulnerabilities are discovered. However, patching does not always keep pace. There are various reasons why organizations may fail to apply patches promptly, including limited resources, compatibility concerns, and a lack of awareness about the seriousness of the vulnerability. This creates a window of opportunity for threat actors to exploit these vulnerabilities and carry out malicious activities.

The Importance of Timely Patching

The report emphasizes the importance of timely patching to reduce the effectiveness of known vulnerabilities. Cyber threat actors tend to have the most success exploiting vulnerabilities within the first two years of public disclosure. As software vendors release patches and upgrade their products, the value of these vulnerabilities gradually decreases. Therefore, organizations must prioritize patch management and ensure that systems and software are regularly updated.

The Role of Zero Trust Network Architecture (ZTNA)

The report also highlights the importance of implementing Zero Trust Network Architecture (ZTNA) as a security measure. ZTNA is a security framework that assumes no trust between network entities and verifies the identity and trustworthiness of all users, devices, and services attempting to access resources. By implementing a ZTNA approach, organizations can reduce their attack surface and minimize the impact of potential vulnerabilities.

Editorial: A Call for Collaboration and Vigilance

The publication of this list by the Five Eyes government agencies serves as a call to action for all stakeholders involved in internet security. Vendors, developers, end-user organizations, and individuals must work together to address the ever-evolving threat landscape.

The Role of Vendors and Developers

Vendors and developers have a responsibility to prioritize security in the design and development of their software and products. By implementing secure design practices, following established frameworks like the Secure Software Development Framework (SSDF), and proactively patching vulnerabilities, vendors and developers can significantly reduce the attack surface available to threat actors.

The Obligation of End-User Organizations

End-user organizations, on the other hand, must prioritize cybersecurity and adopt a proactive approach to patch management. This includes regularly applying software updates and patches, implementing robust identity and access management policies, and improving supply-chain security. By doing so, organizations can reduce their susceptibility to attacks and minimize the potential impact of successful exploits.

The Role of Individuals

Individuals also have a role to play in internet security. It is essential for individuals to stay informed about the latest threats and vulnerabilities, practice good cybersecurity hygiene, and report any suspicious activities. By being vigilant and following best practices, individuals can contribute to the overall security of the digital ecosystem.

Conclusion

The publication of the most frequently exploited vulnerabilities by the Five Eyes government agencies highlights the need for increased collaboration and vigilance in the field of cybersecurity. By prioritizing timely patching, implementing secure design practices, and following best practices for internet security, we can collectively reduce the risk of successful cyberattacks and protect our critical systems and sensitive information. It is only through a coordinated effort that we can effectively address the ongoing threats in the digital landscape.
