Five Vulnerabilities Attackers Leveraged Most in 2020

Companies and cyber criminals race for unpatched software

Published: Wednesday, January 13, 2021 - 12:02

According to Gartner, 99 percent of the vulnerabilities exploited in 2020 have been ones known about by security and IT professionals at the time of the incident. However, taking care of them is tiresome, as it takes 38 days to implement a patch and in the past year alone 12,174 new common vulnerabilities and exposures (CVEs) were reported.

Software vendors are constantly publishing patches to fix identified problems, but the users themselves are responsible for the updates. Failing to install them leaves the back door open for cyber criminals who can utilize it for a breach.

“To enhance the chances of a successful attack, cyber criminals normally look for the weak links in software used by many people, namely, office programs or cloud services,” says Juta Gurinaviciute, chief technology officer at NordVPN Teams. “Therefore, even the innocent-looking DOC or RTF file can be hazardous, providing it has a malicious piece of code. It is executed immediately after the user opens the file, and consequences are unpredictable. The risk amplifies as people work remotely during the pandemic, of course.”

Five vulnerabilities attackers leverage most

Even though taking care of all the patches seems impossible, hackers leverage some more frequently. It is either because of their scope, the potential damage, or the number of devices affected. Here are five of the most troublesome that IT security professionals have had to deal with in 2020.

1. CVE-2012-0158. Despite being almost a decade-old, CVE-2012-0158 is still employed and remains among the top CVEs in 2020. It is aimed at Microsoft products and can be activated upon the user opening a corrupt document (DOC) file or Rich Text Format (RTF) file. The code can install malicious programs and has even been targeted at governments and officials, including a Canadian medical organization, where a corrupt RTF file was sent from a fake World Health Organization email address.

2. CVE-2019-0604. One of the recent vulnerabilities affecting Microsoft SharePoint, a platform used for file sharing and collaboration online. An attacker who utilizes the CVE-2019-0604 can run a code in the context of the SharePoint application pool and the SharePoint server farm account. It allows hackers to install a web shell and hence access the system and even the internal networks on which it resides, meaning more devices can get affected. Last year hackers used this vulnerability to breach the United Nations network and access 400 GB of sensitive data.

3. CVE-2020-4006. Just a few weeks ago the U.S. National Security Agency (NSA) released a cybersecurity advisory about Russian state-supported actors trying to leverage CVE-2020-4006 vulnerability, aimed at various VMware digital workspace services. When hackers gained access to the specific port 8443 and the administration credentials, the unrestricted privileges on the underlying operating system became available to them. This security gap is dangerous because it is fairly recent, and patches only started to roll out.

4. CVE-2018-7600. Users shouldn’t forget taking security measures when using an external content management system (CMS). The CVE-2018-7600 is believed to have affected hundreds of Drupal users. The vulnerability exists within Drupal 7.x and 8.x versions, and cyber criminals can leverage it to completely compromise the site. The breach was used to install cryptocurrency mining malware on the unpatched Drupal websites.

5. CVE-2019-19781. The vulnerability code-named as CVE-2019-19781 was exploited by both cyber criminals and nation-state hackers for ransomware attacks and espionage on organizations using the Citrix server application and desktop virtualization software. Among those attacked were Gedia Automotive Group, Bretagne Telecom, and Conduent. Unauthenticated cyber criminals were able to connect to the affected computers and execute arbitrary codes on them.

Securing remote access

According to NordVPN teams’ expert, “Consistent patching and endpoint hardening is challenging due to the digital transformation and modern workforce evolution. Enterprises highlight the difficulty in patching systems belonging to mobile employees or remote offices. During the pandemic, the problems multiply as more people work remotely.”

To stay immune to cyber attacks, enterprises should take five steps in securing an organization’s data from vulnerabilities:
• Implement firewalls (including web application firewalls)
• Administer multifactor authentication
• Ensure secure connections and strong passwords
• Utilize intrusion-detection systems
• Constantly monitor and update web platforms

Additionally, cloud-based virtual private networks (VPNs) can also be employed to encrypt data and add an extra security layer to the system. Besides, if there’s a network segmentation in place, employees can only access the systems needed to perform job functions, whereas fixed IP reduces the surface area to leverage those unpatched vulnerabilities.

Cyber criminals are constantly scanning digital products and services for weak links, and so do the software producers and IT professionals. Therefore it is wise to accept all software updates as soon as they roll out and regularly check the CVE database for fresh cyber threats spotted around the globe.

About The Author

NordVPN Teams

NordVPN Teams is a cloud-based VPN for business from the world’s most advanced VPN service provider, NordVPN. NordVPN Teams has a full range of features to ensure convenience and powerful digital protection for organizations of all sizes, freelancers, and remote teams. NordVPN Teams offers advanced 256-bit encryption, secure remote access, malware blocking, two-factor authentication, unsecured traffic prevention, automatic connection on Wi-Fi networks, and 24/7 customer support. NordVPN Teams is available on all major platforms.