Most Exploited Vulnerabilities

The Federal Bureau of Investigation (FBI) and the Department of Homeland Security's (DHS) Cybersecurity & Infrastructure Security Agency (CISA) have published a list of the most exploited vulnerabilities for the period from 2016 to 2019.

To counter the most obvious forms of attack, the agencies strongly recommend that organizations in both the public and private sectors install all essential patches and updates immediately.

According to U.S. government officials, widespread installation of these patches and updates would directly degrade the cyber arsenal of foreign hackers targeting American companies: attackers would be forced to develop new exploits, and developing new exploits costs resources.

According to the CISA report, exploiting these known vulnerabilities requires far fewer resources than exploiting zero-day vulnerabilities. “A concerted campaign to fix these vulnerabilities would interfere with the work methods of foreign adversaries and force them to develop or acquire more expensive and less effective exploits,” the report said.

The joint CISA and FBI security alert includes the following remarks:

Microsoft’s Object Linking and Embedding (OLE), a technology that allows Office documents to embed content from other applications, is the technology most frequently attacked.

CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158 are the security flaws most frequently exploited by government-backed hacker groups.

The second most attacked technology is Apache Struts. So far in 2020, CVE-2019-19781 and CVE-2019-11510 are the two most frequently exploited vulnerabilities.

In recent months, many organizations have shifted to work-from-home setups due to the COVID-19 pandemic, and this rapid shift has led to misconfigured Microsoft Office 365 deployments.

Here is the list of the vulnerabilities that were exploited most between 2016 and 2019:

  1. CVE-2017-11882
  2. CVE-2017-0199
  3. CVE-2017-5638
  4. CVE-2012-0158
  5. CVE-2019-0604
  6. CVE-2017-0143
  7. CVE-2018-4878
  8. CVE-2017-8759
  9. CVE-2015-1641
  10. CVE-2018-7600

Most Exploited Vulnerabilities & Mitigations

CVE-2017-11882

  • Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Products
  • Associated Malware: Loki, FormBook, Pony/FAREIT
  • Fix: Microsoft fixed it in November 2017.
  • Mitigation: Update all Microsoft products with the latest security patches.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133e

CVE-2017-5638

  • Vulnerable Products: Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1
  • Associated Malware: JexBoss
  • Fix: Oracle fixed it in September 2017.
  • Mitigation: Upgrade to Struts 2.3.32 or Struts 2.5.10.1.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/AR18-312A

CVE-2017-0143

  • Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016
  • Associated Malware: Multiple, using the EternalSynergy and EternalBlue exploit kit
  • Fix: Microsoft fixed it in March 2017.
  • Mitigation: Update all Microsoft products with the latest security patches.
  • Details: https://nvd.nist.gov/vuln/detail/CVE-2017-0143

CVE-2018-4878

  • Vulnerable Products: Adobe Flash Player before 28.0.0.161
  • Associated Malware: DOGCALL
  • Fix: Adobe fixed it in February 2018.
  • Mitigation: Update the Adobe Flash Player installation to the latest version with the latest security patches.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133d

CVE-2017-8759

  • Vulnerable Products: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7
  • Associated Malware: FINSPY, FinFisher, WingBird
  • Fix: Microsoft fixed it in September 2017.
  • Mitigation: Update all Microsoft products with the latest security patches.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133f

CVE-2015-1641

  • Vulnerable Products: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1
  • Associated Malware: Toshliph, UWarrior
  • Fix: Microsoft fixed it in April 2015.
  • Mitigation: Update all Microsoft products with the latest security patches.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133m

CVE-2018-7600

  • Vulnerable Products: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1
  • Associated Malware: Kitty
  • Fix: The Drupal community fixed it in March 2018.
  • Mitigation: Upgrade to the most recent version of Drupal 7 or Drupal 8.
  • Details: https://nvd.nist.gov/vuln/detail/CVE-2018-7600
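The mitigations above come down to "is the installed version still inside the affected range?", and the branch-specific ranges (Struts 2.3.x vs 2.5.x, Drupal 7/8.x/8.4.x/8.5.x) are easy to get wrong with a naive comparison. The following is an added example, not code from the article or from CISA; it encodes the affected ranges the alert lists for CVE-2017-5638, CVE-2018-4878 and CVE-2018-7600 and triages a constructed software inventory. Host names, the `AFFECTED` table layout and the `triage` function are assumptions for illustration.

```python
"""Triage inventoried versions against the affected ranges stated in the
CISA/FBI alert (Struts, Flash Player and Drupal entries above)."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]
# Each rule is (branch prefix, first fixed version). A version is affected
# when it starts with the prefix AND is lower than the first fixed version.
# An empty prefix matches any branch ("before 7.58" style entries).
Rule = Tuple[Version, Version]


def parse_version(text: str) -> Version:
    """'2.5.10.1' -> (2, 5, 10, 1); tuples then compare numerically,
    so 2.5.10 < 2.5.10.1 and 8.4.5 < 8.4.6 behave as expected."""
    return tuple(int(part) for part in text.strip().split("."))


# Ranges transcribed from the advisory entries above (not an exhaustive feed).
AFFECTED: Dict[str, List[Rule]] = {
    # Apache Struts 2: 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1
    "CVE-2017-5638": [((2, 3), (2, 3, 32)), ((2, 5), (2, 5, 10, 1))],
    # Adobe Flash Player before 28.0.0.161
    "CVE-2018-4878": [((), (28, 0, 0, 161))],
    # Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, 8.5.x before 8.5.1
    "CVE-2018-7600": [((), (7, 58)), ((8,), (8, 3, 9)),
                      ((8, 4), (8, 4, 6)), ((8, 5), (8, 5, 1))],
}


def is_affected(cve: str, version: str) -> bool:
    """True if `version` falls inside any affected branch for `cve`."""
    v = parse_version(version)
    return any(v[:len(prefix)] == prefix and v < first_fixed
               for prefix, first_fixed in AFFECTED[cve])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, cve, version) entries that still need patching."""
    return [item for item in inventory if is_affected(item[1], item[2])]


# Constructed sample inventory: hypothetical hosts and versions.
SAMPLE_INVENTORY = [
    ("web-01", "CVE-2017-5638", "2.3.31"),        # affected
    ("web-02", "CVE-2017-5638", "2.5.10.1"),      # first fixed release
    ("cms-01", "CVE-2018-7600", "8.4.5"),         # affected (8.4.x branch)
    ("cms-02", "CVE-2018-7600", "8.6.0"),         # newer than every rule
    ("kiosk-01", "CVE-2018-4878", "28.0.0.137"),  # affected
]

if __name__ == "__main__":
    for host, cve, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {cve} still present ({version}), patch required")
```

Only plain dotted numeric versions are handled; a vendor suffix such as a build tag would need stripping before `parse_version`.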

All the vulnerabilities listed above, as shared by DHS CISA and the FBI, are used by both government-backed hackers and regular cybercriminals.
