Coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI), the following Joint Cybersecurity Advisory explores and addresses the top routinely exploited digital vulnerabilities encountered in 2020 and thus far in 2021.
The report expands on 30 vulnerabilities routinely exploited by malicious cyber actors.
As cyber attackers evolve alongside increased and enhanced cybersecurity measures, they continue to take advantage of vulnerabilities left open by businesses big and small, public and private.
Throughout 2020, cyber attackers exploited a variety of vulnerabilities to compromise unpatched systems. A large portion of attacks on recently disclosed software flaws can be attributed to the mass shift to remote work amid the COVID-19 pandemic. The rapid shift to, and increased use of, remote work options such as virtual private networks (VPNs) and cloud-based environments placed an increased burden on cybersecurity implementers and programs.
“Many business continuity plans were scoped for short-term unavailability of office spaces and in some cases, only had capacity for critical workers for the business. The significant increase in remote working caused many businesses to rapidly expand their technical capabilities to support all their staff,” said Drawbridge Chief Information Security Officer, Simon Eyre. “In doing so, these remote working technologies were often less understood by the teams deploying them than a business would traditionally allow.”
Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies. Still, many VPN gateway devices remained unpatched during 2020, with the growth of remote work options challenging the ability of organizations to conduct rigorous patch management.
“It’s no surprise to see these technologies at the top of the list for ‘most exploited vulnerabilities’, nor is it a surprise to see that 75% of those top exploits were known prior to 2020. This highlights the key importance of good vulnerability management solutions to report on everything a business uses, internally and externally, as well as the importance of policy and governance over patching and updates,” Eyre said.
It is imperative that businesses adapt to evolving cyber attacks and patch any remaining vulnerabilities that attackers could exploit. Mitigating the vulnerabilities listed in this report by putting proper cybersecurity measures and programs in place will help businesses stay safe and secure in this daunting digital age.
To gain a thorough understanding of looming cyber threats and what you can do to mitigate them in your business, read the full report.