The Five Eyes intelligence alliance, consisting of Australia, Canada, New Zealand, the US, and the UK, released a list of the most exploited vulnerabilities observed in 2022.
The alliance noted that threat actors focused their efforts on internet-exposed systems left unpatched against older vulnerabilities, rather than on recently discovered vulnerabilities, likely due to the availability of proof-of-concept exploit code. The most exploited vulnerability is CVE-2018-13379, a Fortinet SSL VPN vulnerability, for which a patch has been available since May 2019.
Of the over 25,000 new security vulnerabilities discovered in 2022, only five made the alliance’s list, shown below:
Source: Bleeping Computer
Analysis
This marks the third year in a row that CVE-2018-13379 has made this list. The fact that a vulnerability patched in 2019 is the most commonly exploited vulnerability four years later shows that as long as unpatched systems remain exposed on the internet, they will continue to be targeted by threat actors seeking information or financial gain.
This highlights the importance of maintaining a high patching cadence, especially when proof-of-concept exploit code is freely available. If every organization consistently applied patches to vulnerable systems, and decommissioned end-of-life systems, hackers would have a much more difficult time achieving their goals.
They would have to rely on more costly and time-consuming methods (such as developing zero-day exploits or conducting software supply chain operations), capabilities that less sophisticated actors are unlikely to have.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in hardware and software. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible.