BLOG: The Most Routinely Exploited Vulnerabilities of 2020 & 2021

A Cybersecurity Advisory report was co-authored and published on 28th July by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). with details on the most primary vulnerabilities exploited by malicious cyber actors in 2020 and being exploited so far in 2021.

Cyber threat actors and attackers have been continuing their journey of exploiting publicly recognised and identified software vulnerabilities against different types of organisations, including the public and private sector worldwide. Key Findings from CISA, ACSC, the NCSC, and the FBI were that in 2020, cyber actors readily exploited recently disclosed vulnerabilities to compromise unpatched systems. Based on available data to the U.S. Government, many of the top vulnerabilities targeted in 2020 were disclosed during the past two years. Cyber actor exploitation of more recently disclosed software flaws in 2020 probably stems, in part, from the expansion of remote work options amid the COVID-19 pandemic.  

The exploitation of recently disclosed software flaws in 2020 seems to derive from the impact of COVID-19 and the need for many to work remotely. Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options challenging the ability of an organisation to conduct rigorous patch management. CISA, ACSC, the NCSC, and the FBI consider the vulnerabilities listed in table 1 to be the topmost regularly exploited CVEs by cyber actors during 2020.

The report also stated that malicious cyber actors have continued to target vulnerabilities in perimeter-type devices throughout this year. Among those highly exploited are vulnerabilities in Microsoft, Pulse, Accellion, VMware, and Fortinet. CISA, ACSC, the NCSC, and the FBI assess those public and private organisations worldwide remain vulnerable to compromise.

CISA, ACSC, the NCSC, and FBI have listed the following as the most exploited vulnerabilities during 2020:

• CVE-2019-19781
• CVE-2019-11510, 
• CVE-2018-13379, 
• CVE2020-5902, 
• CVE-2020-15505, 
• CVE-2020-0688, 
• CVE-2019-3396, 
• CVE-2017-11882, 
• CVE-2019- 11580, 
• CVE-2018-7600, 
• CVE 2019-18935, 
• CVE-2019-0604, 
• CVE-2020-0787, 
• CVE-2020- 1472

Citrix’s Application Delivery Controller (ADC) vulnerability was the most exploited flaw in 2020, according to U.S. Government technical analysis. Nation-state and criminal cyber actors most likely favour using this vulnerability because it is easy to exploit, Citrix servers are widespread, and exploitation enables the actors to perform unauthorized RCE.

2021 CVEs

The following CVE’s, alongside the CVE’s listed above are CVE’s that organisations should prioritise patching:

• CVE-2021-26855, 
• CVE-2021-26857, 
• CVE-2021-26858
• CVE2021-27065 
• CVE-2021-22893
• CVE-2021-22894
• CVE-2021-22899
• CVE-2021-22900 
• CVE-2021-27101
• CVE-2021-27102
• CVE-2021-27103
• CVE-2021-27104 
• CVE-2021-21985 
• CVE-2018-13379

The best safety practice in this instance is to update software versions once patches are available and as soon as is practicable. If an organisation is unable to update all software shortly after a patch is released, prioritize patches for CVEs that are already known to be exploited or that would be accessible to the largest number of potential attackers. Vulnerabilities in Citrix’s Application Delivery Controller (ADC) were the most exploited flaw in 2020 this vulnerability is somewhat easy to exploit, possibly being the reason why nation-state cyber actors and criminal cyber actors prefer this vulnerability. Citrix servers are widespread, and exploitation enables the actors to perform unauthorized RCE on a target system.

To find out how Orpheus Cyber can protect your organisation from CVE’s, click here.