On July 28, 2021, cybersecurity authorities in the US, UK, and Australia, including the FBI, disclosed the most exploited vulnerabilities of 2020 and 2021 and urged organizations to prioritize these vulnerabilities and apply patches.
The FBI, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the UK National Cyber Security Centre (NCSC), and the Australian Cyber Security Centre (ACSC) jointly announced on July 28 (local time) the top 30 commonly exploited vulnerabilities and called for vigilance from relevant authorities. A joint advisory (Alert AA21-209A) has been issued.
According to the list of vulnerabilities released by the FBI, of the 14 most exploited in 2020 (CVE-2019-19781, CVE-2019-11510, CVE-2018-13379, CVE-2020-5902, CVE-2020-15505, CVE-2020-0688, CVE-2019-3396, CVE-2017-11882, CVE-2019-11580, CVE-2018-7600, CVE-2019-18935, CVE-2019-0604, CVE-2020-0787, CVE-2020-1472), the one that was particularly exploited was CVE-2019-19781.
The report states that cyber actors such as state agencies and criminals prefer this vulnerability because it is easy to exploit, Citrix servers are widespread, and it can be used to perform remote code execution on target systems without authorization.
Among the vulnerabilities exploited in 2021 (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, CVE-2021-22900, CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104, CVE-2021-21985, CVE-2018-13379, CVE-2020-12812, CVE-2019-5591), the most damaging is a vulnerability (ProxyLogon) found in Microsoft Exchange Server. This vulnerability was discovered in systems widely used in large American corporations and government offices, and the ProxyLogon problem escalated to the point where the US government issued an emergency directive.
According to CISA, this joint advisory is one of CISA’s important activities. Its purpose is to cooperate with other organizations to identify the vulnerabilities that public and private organizations should patch first, and to minimize the risk posed by malicious cyber actors. Related information can be found here.