Cyber Security

Top Targeted Vulnerabilities Under Attack – 2020 vs 2021

Published

on

A joint report has been published by several global cybersecurity agencies alerting about top exploited vulnerabilities in 2020 and 2021. This joint cybersecurity advisory is issued by the CISA, NCSC, and ACSC. It provides technical details for each vulnerability, indicators of compromise, and mitigations.

What’s new?

The advisory warns about cyberattacks abusing flaws in VPN appliances, network equipment, and enterprise cloud applications, such as MobileIron, Atlassian, Fortinet, F5, Citrix, and Telerik.

  • The vulnerabilities mostly targeted by attackers belong to application software related to VPNs, remote work, and cloud-based technologies.
  • Most of the VPN gateway devices were left unpatched throughout 2020. With the growth of remote work options, most organizations struggled to perform proper patch management.
  • In 2021, attackers are still targeting vulnerabilities in perimeter-type products. Some of the heavily abused vulnerabilities in 2021 are in Pulse, Microsoft, VMware, Fortinet, and Accellion.
  • Most exploited vulnerabilities for the year include CVE-2021-26855CVE-2021-26857, and CVE-2021-22894, among others.

Top exploited vulnerabilities in 2020

As further explained in the advisory, cybercriminals are still abusing publicly known old security flaws.

Conclusion

Cybercriminals are always eager to exploit vulnerabilities for their malicious intentions. Therefore, security agencies recommend organizations patch and update their systems. Following a proper patch management policy can reduce the attack surface.

Source: https://cyware.com/news/top-targeted-vulnerabilities-under-attack-2020-vs-2021-ced064ac

Click to comment
Exit mobile version