Most of the exploit attempts were made against targets in Germany and United States.Įven though fresh faces emerge, some old vulnerabilities are still popular with attackers. Recent attacks peaked in January 2021, and Trend Micro detected nearly 500 thousand exploits in the first half of 2021. An attacker is then able to exact clear-text usernames and passwords. The weakness is vulnerable to unauthenticated directory traversal, which allows attackers to gain access to the sslvpn_websession file. CVE-2018-13379 is a vulnerability in the Fortinet VPN product that allows an unauthenticated user to download system files via specially crafted HTTP resource requests.ĬVE-2018-13379, a vulnerability affecting Fortinet Secure Sockets Layer (SSL) VPN, is another remote work-related vulnerability targeted by attackers from 2020 through 2021. We found that there was a sudden surge in detections for CVE-2018-13379 in January 2021, and although the numbers dipped in later months, they were markedly higher than the same time last year. Our data shows the detection numbers of some of the most notable and widespread VPN vulnerabilities in 2020 and the first half of 2021. In reality, unpatched and outdated VPNs can host critical vulnerabilities, and attackers can exploit these flaws to compromise targets’ systems. However, although a VPN is a security tool, it can also be an entry vector for cyberthreats. Usage spiked in early 2020, and an early 2021 study indicated that 31% of internet users worldwide have used a VPN. Many organizations and ordinary users have adopted VPNs in offices and private homes. The top three most exploited vulnerabilities, CVE-2019-19781, CVE-2019-11510, CVE-2018-13379, all were discovered in VPN services.Īs discussed in our 2020 annual security roundup, virtual private networks (VPNs) have become indispensable for enterprises that are aiming to extend and protect their internal network connections from external threats. The hasty deployment of cloud collaboration services easily led to an oversight in security configurations. Remote work-related vulnerabilities were attractive to attackers in 2020. Table 1: Top Exploited Vulnerabilities in 2020 Nine of the weaknesses were published in or after 2019. The top three flaws on the list are related to remote work, VPN, and cloud-based environments. The 12 identified vulnerabilities on CISA’s list (Table 1) demonstrate that attackers often target recently discovered and remote work-related vulnerabilities. Once exploited, target computers would be controlled by attackers by using remote code execution (RCE), arbitrary code execution, path traversal, or other techniques. The report shows that the attackers’ favorite new targets are vulnerabilities published after 2019 and relevant to remote work, VPN (Virtual Private Network), and cloud-based technologies.Īs remote work became widespread, cyber actors have been taking advantage of the young, unpatched, remote work-related vulnerabilities, while cyber defenders struggled to keep up with routine software patching. On July 28, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released a report detailing the top exploited vulnerabilities in 20. As COVID-19 moves people to the cloud, cyber actors now aim at shooting the sky.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |