Among others, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, together with global partners such as the Cyber Security Center (NCSC-UK), show in a report that online gangsters mainly attack companies through security gaps that have been known for a long time.
Old, but no less dangerous
As can be seen from the report on the most frequently exploited vulnerabilities in 2022, patch management in many companies is obviously not running optimally: many of the exploited vulnerabilities date from previous years. The majority are security gaps from 2021. Some even go back to 2017.
In 2022, over 25,000 new vulnerabilities were reported as part of the Common Vulnerabilities and Exposures (CVE) program. Of these, only five appear in the top twelve of the list of the most frequently exploited vulnerabilities in 2022.
According to NSA Technical Director Neal Ziring, legacy vulnerabilities offer attackers a cheap and effective way to access sensitive data. Since the vulnerabilities have been known for a long time, they are well documented and exploit code has been around for a long time. This makes attacks easier, and attackers continuously scan the Internet for vulnerable systems and, as the report shows, still score hits years later.
A five-year-old vulnerability (CVE-2018-13379) in FortiOS and FortiProxy remains particularly popular with attackers, who can use it to obtain VPN credentials. The ProxyShell vulnerabilities in Microsoft Exchange (CVE-2021-34473, CVE-2021-31207, CVE-2021-34523) are still in demand. In these cases, attackers can execute malicious code, among other things. An Exchange vulnerability (CVE-2017-11882) even goes back to 2017.
Many of the vulnerabilities mentioned already dominated the list, published in 2022, of the most frequently exploited vulnerabilities in 2021. Even if it sounds like a matter of course to many admins, security patches should always be installed promptly.
In addition, admins should specifically check their systems for older vulnerabilities and act immediately. In an article, the authors of the report give additional security tips on how admins can get rid of dangerous legacy issues.