Any successful cyber attack begins with penetrating the target network. Cybercriminals must overcome network defenses, whether it’s a stealer, ransomware, or other malware. According to an expert report, in 2022, 50% of successful infiltrations were performed using previously known vulnerabilities.
Top Vulnerabilities 2023
According to the cybersecurity report in 2023, the previously known vulnerabilities reported over the past three years may cause concern again. Thus, in 24 percent of all cyberattacks, cybercriminals used vulnerabilities known in 2022. In second place are vulnerabilities known in 2021, accounting for 18%. That, by the way, totally repels any opinion that claims uselessness of updating and using security tools. Having all of that onboard, you will cut off over 40% of all possible attack vectors. But now, let’s have a peek into the most widespread exploits.
ProxyShell
ProxyShell, known as CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, and CVSS severity rating of 3.1, is a chain of attacks that exploits three vulnerabilities in Microsoft Exchange Server – ProxyShell, ProxyLogon, and ProxyNotShell. Using these vulnerabilities, attackers who are not authenticated can remotely execute code on vulnerable servers. Although these vulnerabilities were discovered and patched in 2021, they are still the most exploited and often lead to significant security breaches.
Follina in Microsoft Office
Recently, Microsoft has disabled the ability to execute macros in documents from external sources by default. However, attackers have not stopped them, and they use special .docx and .rtf documents to download and execute malicious code. To do this, they exploit the Follina vulnerability (CVE-2022-30190 and CVSS severity rating of 7.8) in unpatched systems to deploy Qbot or other Remote Access Trojans. It allows malicious code to run even if macros are disabled or the document is protected, making Follina one of the most commonly used vulnerabilities discovered in 2022.
Fortinet
Two critical bugs were reported in Fortinet products in October and December 2022 (CVSS score: 9.6 and 9.3). These bugs allow attackers who fail authentication to execute arbitrary code using specially crafted queries. However, even though the company has issued updates and CISA has warned of significant risk to federal organizations, as of early 2023, 18% of organizations were victims of the CVE-2022-40684 vulnerability exploit attack.
Causes
Experts note that attackers often exploit Remote Code Execution (RCE) vulnerabilities and Remote Desktop Protocol services left open to gain access to the network and deploy malicious code. However, many organizations do not use protections on servers for fear of performance degradation. Moreover, security and network equipment vendors often use admin/password as the default login combination. Even worse, some users keep this combination the same the first time they configure it, which makes life easier for an intruder.
How to prevent
Fortunately, you can fix that. Therefore, I’ve put together some tips below that you can follow to reduce the chance of negative consequences:
- Install the latest updates. Since Microsoft regularly releases patches vulnerabilities as part of its monthly security updates, we strongly recommend that you do not ignore these updates. This also applies to other products like Microsoft Office and Fortinet software.
- Change server settings. To restrict access to Exchange virtual directories, you can change server settings to limit access to virtual directories from the internal network only.
- Review the audit log. This will help you detect attempted attacks and take quick action to prevent them. Also, ensure that the audit logs are correctly configured to record enough information about events on the server.
- Train your employees. Educating users on security fundamentals is equally important, such as recognizing phishing and never opening suspicious links or email attachments. It’s also important not to share sensitive data upon request.
- Implement strict security policies and enforce them. This may include prohibiting using personal devices for work, including smartphones, tablets, and laptops unless they meet your security standards.
- Limit access to the configuration interface to only authenticated users with the necessary permissions. It will help prevent unauthorized access to the device settings.
- Use additional security measures such as multi-factor authentication (MFA) to protect access to the device. This will add an extra layer of security.
- Use solutions like Secure Access Service Edge (SASE). SASE allows multiple security features such as authentication, authorization, threat protection, and network and application access features such as virtual private networks (VPNs) and routing to combine into a single system to provide more effective and convenient security for the corporate network.
Conclusion
In the digital age, the security of software applications and systems has become increasingly crucial as malicious actors constantly look for vulnerabilities to exploit. News of cyberattacks is in the spotlight, and the severity of attacks continues to grow, so everyone needs to strengthen their organization’s security through education, awareness, and training. Cybersecurity threats permeate new environments as technology evolves, but many threats will remain the same. Therefore, continuous assessment of processes, people, and systems is necessary for organizations to be prepared and operationally resilient. By using the knowledge of ethical hackers, conducting regular testing, and using automation, organizations can be better ready for potential threats.