The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a list of top 10 vulnerabilities routinely exploited by hackers since 2016.
According to CISA, the primary purpose of sharing the list is to help security personnel prioritise patching of critical vulnerabilities in their environments, in an effort to disrupt attacks by foreign cyber actors.
CISA believes a focused campaign to patch these bugs would introduce friction into the operational tradecraft of foreign adversaries and would force cyber actors to develop exploits that are more expensive and less widely effective.
According to CISA, the ten vulnerabilities most exploited by state, non-state and unattributed threat groups from 2016 to 2019 are:
Since 2016, hackers have most routinely exploited bugs in Microsoft's Object Linking and Embedding (OLE) technology, as per CISA. OLE is a proprietary technology from Microsoft which enables embedding and linking of application data and objects written in different formats.
CVE-2017-11882, CVE-2017-0199 and CVE-2012-0158 are three vulnerabilities in OLE technology that have been most frequently used by state-sponsored threat groups from Russia, China, North Korea and Iran.
After OLE, the Apache Struts web framework is the second most frequently reported exploited technology, as per CISA.
Security agencies have also observed Chinese hackers using the CVE-2012-0158 flaw more frequently since December 2018, suggesting that many organisations have still not patched the bug.
This year, attackers have increasingly tried to exploit unpatched Citrix VPN (CVE-2019-19781) and Pulse Secure VPN (CVE-2019-11510) vulnerabilities. The number of attacks has risen notably amid the COVID-19 outbreak, which has forced millions of people to work from home.
The alert from CISA provides mitigation measures for each of these vulnerabilities. It also recommends that organisations move away from any end-of-life software, as the easiest way to eliminate unpatched bugs from their environments.