Large-profile vulnerabilities in Citrix, Pulse Protected and Fortinet software package have been the most common targets for attackers in 2020.
In accordance to a report introduced by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a remote code execution flaw in Citrix’s Software Supply Controller and Gateway merchandise, CVE-2019-19781, was the top rated concentrate on for exploits in 2020, even with staying fully patched extra than a calendar year back. The study bundled figures gathered by CISA, the FBI, the Australian Cyber Security Centre and the U.K. Nationwide Cyber Security Centre.
The Citrix flaw, publicized at the change of the 2020 calendar year, enables burglars to attain remote code execution on vulnerable servers by using a listing traversal flaw. CISA claimed that in accordance to the figures it gathered, the bug was the solitary most common concentrate on for attackers. The report claimed known flaws remain the most effective source of open doors for criminals even as patches are rolled out.
One particular big component in the 2020 craze appears to be remote get the job done, as cybercriminals seized on flaws that have been uncovered by the need to accommodate staff dialing into the business network from residence.
“Cyber actor exploitation of extra lately disclosed software package flaws in 2020 in all probability stems, in portion, from the expansion of remote get the job done possibilities amid the COVID-19 pandemic,” the CISA report claimed.
“The speedy shift and improved use of remote get the job done possibilities, this kind of as digital personal networks (VPNs) and cloud-based mostly environments, probable positioned supplemental burden on cyber defenders struggling to manage and keep speed with regimen software package patching,” the report mentioned.
Second to the Citrix bug in terms of attacks was CVE-2019-11510, a file browse vulnerability in Pulse Protected merchandise, followed by CVE-2018-13379, a route traversal bug in Fortinet’s FortiGate VPN, and CVE-2020-5902, a remote code execution flaw in F5 Network’s Large-IP equipment.
All 4 vulnerabilities have been exploited in extensive attacks and have been bundled in numerous stability advisories from vendors and governing administration companies. For illustration, a Fortinet bug turned a money cow for criminals in 2020 as the Cring ransomware group preyed on it in purchase to choose servers hostage.
For once, Microsoft did not uncover itself the key concentrate on for attacks, as it only positioned sixth (CVE-2017-11882, remote code execution) on the CISA list of top rated targets. Microsoft commonly finds itself atop these rankings because of to the ubiquity of Windows OSes and level of popularity with vulnerability scientists.
Marketplace pundits do not hope this craze of Microsoft position outside the top rated 3 attack targets to final, on the other hand. Jon Oltsik, principal analyst at Organization Technique Group, a division of TechTarget, claimed this was extra a case of Citrix and Pulse staying in the improper put at the improper time, snatching up dubious titles commonly claimed in Redmond because of to Microsoft’s huge organization footprint.
“I would characterize this as a 1-off scenario,” Oltsik told SearchSecurity. “Provided Microsoft’s sector presence, it will make all top rated lists extra often than not and I do not feel shoppers are carrying out everything greater with Microsoft vulnerabilities as opposed to some others.”
CISA mentioned that Microsoft flaws are probable to go on to be the preferred targets of attackers, many thanks to the sloppy patching behavior of providers that neglect to deal with years-old vulnerabilities.
“Destructive cyber actors will most probable go on to use older known vulnerabilities, this kind of as CVE-2017-11882 influencing Microsoft Workplace, as prolonged as they remain successful and devices remain unpatched,” CISA claimed.
“Adversaries’ use of known vulnerabilities complicates attribution, lessens costs, and minimizes threat because they are not investing in building a zero-day exploit for their unique use, which they threat shedding if it results in being known,” CISA reported.
CISA’s report also detailed the most focused vulnerabilities in 2021 so considerably, which consist of the Microsoft Trade zero-day vulnerabilities uncovered earlier this calendar year and a flaw in Accellion’s File Transfer Appliance, commonly known as FTA.