Top 10 Routinely Exploited Vulnerabilities by Hackers

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.

This alert provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)1—to help organizations reduce the risk of these foreign threats.

Vulnerabilities Exploited in 2020

In addition to the top 10 vulnerabilities from 2016 to 2019 listed above, the U.S. Government has reported that the following vulnerabilities are being routinely exploited by sophisticated foreign cyber actors in 2020:

  • Malicious cyber actors are increasingly targeting unpatched Virtual Private Network vulnerabilities.
  • March 2020 brought an abrupt shift to work-from-home that necessitated, for many organizations,rapid deployment of cloud collaboration services, such as Microsoft Office 365 (O365).
  • Cybersecurity weaknesses—such as poor employee education on social engineering attacks and a lack of system recovery and contingency plans—have continued to make organizations susceptible to ransomware attacks in 2020.

Top 10 Most Exploited Vulnerabilities 2016–2019

U.S. Government reporting has identified the top 10 most exploited vulnerabilities by state, nonstate, and unattributed cyber actors from 2016 to 2019 as follows:

  • CVE-2017-11882
  • CVE-2017-0199
  • CVE-2017- 5638
  • CVE-2012-0158
  • CVE-2019-0604
  • CVE-2017-0143
  • CVE-2018-4878
  • CVE-2017-8759
  • CVE-2015- 1641
  • CVE-2018-7600



Categories: Cyber Security

Tags:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.