A joint Cybersecurity Advisory (CSA) released by authorities of the United States, Australia, Canada, New Zealand and the United Kingdom provides details on the top 15 common vulnerabilities and exposures (CVEs). These are vulnerabilities that were routinely exploited by malicious cyber actors in 2021.
In 2021, malicious cyber actors targeted internet-facing systems, which include, but are not limited to, email servers and virtual private networks (VPNs), with newly disclosed vulnerabilities. For the majority of the 2021 top exploited vulnerabilities, researchers and other actors released proof of concept (POC) code publicly, likely facilitating exploitation.
Some malicious cyber actors continued to exploit older but publicly known software vulnerabilities, some of which were also routinely exploited in 2020 and/or earlier. The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by the vendor. Organizations that leverage Workstation & Server Management in conjunction with Cyber Security Services can ensure that such common attack vectors are eliminated.
The top 15 vulnerabilities routinely exploited in 2021 included:
A vulnerability known as Log4Shell, which affects Apache’s Log4j library, an open-source logging framework. This vulnerability allows malicious actors to submit crafted requests to a vulnerable system that cause the system to execute arbitrary code. This allows malicious actors to gain persistent access to files and data on affected servers as well as to credentials stored on the servers. Successful exploitation of this vulnerability may allow the attacker to compromise trust and identity in a vulnerable network and traverse further.
Another set of vulnerabilities, commonly referred to as ProxyLogon, affects Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination allows malicious actors to execute arbitrary code on vulnerable servers, which in turn enables the attacker to gain persistent access to files and mailboxes on the servers.
Microsoft Exchange was also targeted through a set of vulnerabilities called ‘ProxyShell’, which gave attackers further ways to execute arbitrary code on the affected server. These vulnerabilities reside within Microsoft Client Access Services, typically included in Microsoft Internet Information Services (IIS).
A vulnerability affecting Atlassian’s Confluence Server and Data Center could enable unauthenticated actors to execute arbitrary code on vulnerable systems. This vulnerability quickly became the most routinely exploited vulnerability after a proof-of-concept was released within a week of its disclosure.
A vulnerability with the CVE ID CVE-2021-21972 allowed attackers to execute arbitrary code through the VMware vSphere Client (HTML5). A malicious actor with network access to port 443 may exploit this vulnerability to execute commands with unrestricted privileges on the underlying physical servers running vCenter. This affected vCenter 7.x, 6.7, 6.5, as well as VMware Cloud Foundation 4.x and 3.x.
Solution for 2021 Top Exploited Vulnerabilities
All of the 2021 top exploited vulnerabilities have patches and updates available. It is more important than ever to speak with a trusted technology partner and resolve all outstanding vulnerabilities within your organization. Failure to do so may result in a cyber-security breach which will adversely affect an organization’s productivity, finances and reputation.