On July 28, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) issued a cybersecurity alert entitled “Top Routinely Exploited Vulnerabilities” in collaboration with the Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre, and the FBI.
The Alert concludes that cyber criminals are exploiting vulnerabilities in unpatched systems, but that many of the vulnerabilities that criminals are exploiting recently are those that have already been disclosed (and should have already been patched) over the past two years. This means that companies are not patching against well-known vulnerabilities and leaving themselves at risk.
In addition, a remote workforce has contributed to the exploitation of vulnerabilities. According to the Alert, “[T]he rapid shift and increased use of remote work options, such as virtual private networks (VPNs) and cloud-based environments, likely placed additional burden on cyber defenders struggling to maintain and keep pace with routine software patching.” CISA points out that “four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies.”
The Alert contains a table of the “top Routinely Exploited CVEs in 2020” which lists 12 vulnerabilities, including the type of vulnerabilities that are being exploited in the wild, and states that “malicious cyber actors will most likely continue to use older known vulnerabilities, …as long as they remain effective and systems remain unpatched.”
Therefore, CISA and the FBI are encouraging organizations “to remediate or mitigate vulnerabilities as quickly as possible to reduce the risk of exploitation. Most can be remediated by patching and updating systems. Organizations that have not remediated these vulnerabilities should investigate for the presence of IOCs and, if compromised, initiate incident response and recovery plans.”
The point of the Alert is that companies that have not patched known vulnerabilities continue to be at risk as cyber criminals are always going to take the easy path to crime. They would rather get into an unlocked house than try to bust through a locked door or window.
Take a look at the Alert and confirm that the known vulnerabilities are patched already, and if not, make the patching of these vulnerabilities high priority.