The most exploited flaw in 2022 was CVE-2018-13379, an SSL VPN credential exposure found in Fortinet’s products – FortiOS and FortiProxy.
This is according to a newly released joint security advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), together with the NSA, the FBI, and Five Eyes (an intelligence alliance between Australia, Canada, New Zealand, the United Kingdom, and the United States).
The government agencies and law enforcement organizations released a list of the 12 monst exploited vulnerabilities of last year, using it as an alarm to urge organizations around the world to apply available patches and secure their endpoints properly.
As per the report, cybercriminals were mostly focused on older vulnerabilities, and not ones published in more recent times.
“In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems,” the report says. The authors argue that the existence of proof-of-concepts (PoC) for many of the flaws is why hackers opted for older software flaws: “Proof of concept code was publicly available for many of the software vulnerabilities or vulnerability chains, likely facilitating exploitation by a broader range of malicious cyber actors.”
CVE-2018-13379 was discovered in 2018 and patched more than four years ago, in May 2019. In those days, cybercriminals used the vulnerability to compromise endpoints belonging to the U.S. government and tamper with the elections support system. According to the National Vulnerability Database (NVD), the flaw has a 9.8 severity score and as such is deemed critical.
Analysis: Why does it matter?
Knowing which vulnerabilities were most popular among cybercriminals can help businesses tighten up on their security and make sure they don’t suffer a ransomware attack or a similar devastating breach in the same manner. Also, knowing that hackers were mostly targeting years-old vulnerabilities shows that many businesses aren’t as diligent as they should be when it comes to keeping their systems up-to-date, even when serious vulnerabilities are publicly disclosed and widely known.
For years now, cybersecurity researchers and law enforcement agencies have been urging businesses to maintain a tight security posture by frequently updating their software and firmware, by using only vetted, legitimate software, and by training their employees on the dangers of phishing and social engineering. Most of the time, hackers abuse these flaws by crafting special malware capable of exploiting particular flaws to infiltrate systems, extract data, or steal money.
Here is the full list of the 12 most-abused vulnerabilities in 2022, according to CISA and partners:
|CVE-2018-13379||Fortinet||FortiOS and FortiProxy||SSL VPN credential exposure|
|CVE-2021-31207||Microsoft||Exchange Server||Security Feature Bypass|
|CVE-2021-34523||Microsoft||Exchange Server||Elevation of Privilege|
|CVE-2021-26084||Atlassian||Confluence Server/Data Center||Arbitrary code execution|
|CVE-2022-22960||VMware||Workspace ONE||Improper Privilege Management|
|CVE-2022-1388||F5 Networks||BIG-IP||Missing Authentication|
|CVE-2022-26134||Atlassian||Confluence Server/Data Center||RCE|
What have others said about the findings?
In its writeup, BleepingComputer stresses that the Common Vulnerabilities and Exposures (CVE) Program published more than 25,000 new security vulnerabilities in 2022, yet only five made it to the list of the top 12 most-exploited flaws. It also added that the CISA report features 30 more vulnerabilities that were “often” used to compromise organizations. CISA tried to help, by detailing how firms can stay secure.
The Record, on the other hand, focused on how many vulnerabilities made a return appearance, after being featured in CISA’s report from the year prior.
“The list is not dissimilar to the one released last year,” the publication states. “More than half of the top 12 vulnerabilities also featured on that list, including Log4Shell (tracked as CVE-2021-44228) — which was discovered in 2021 and allegedly used by North Korean threat groups — and the Zoho vulnerability (CVE-2021-40539) used in the headline-grabbing attack on the Red Cross.”
Speaking to the media on the matter, the U.K.’s National Cyber Security Centre (NCSC) said the number of vulnerabilities reappearing on the list shows “how malicious cyber actors continued targeting previously disclosed flaws in internet-facing systems – despite security updates being available to fix them.”
“Fortinet is focused on enabling organizations to make informed risk-based decisions that help mitigate their cyber risks, including the timely deployment of patches and critical updates,” the company said after the publication of the report.
Speaking to CyberScoop, Ron Fabela, CTO at cybersecurity firm XONA Systems, said that threat actors need to use the “bare minimum” to access target networks and achieve their goals. He emphasized that the vulnerabilities only affect enterprise technologies, but that they can be used to target critical infrastructure, too.
“Although no OT specific CVEs are listed in this advisory, critical environments rely heavily on supporting enterprise infrastructure, inheriting these routinely exploited attack surface threats, and must be considered in overall IT/OT security planning,” Fabela said.
If you want to learn more about keeping your network secure, make sure to read our in-depth guides for best firewalls, best endpoint protection services, and best malware removal software. Also, make sure to read our guide for the best ransomware removal.