Vulnerability is Exploited the Most
It is possible to find out which vulnerabilities are the most commonly exploited by hackers. A recent list from CISA, the US Cybersecurity and Infrastructure Security Agency, reveals the most common vulnerabilities targeted by hackers. In addition to CISA, other national agencies were involved in compiling this list, including the Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre, and the U.S. Federal Bureau of Investigation.
There are several different CVE vulnerabilities that have been disclosed in recent years, but some have been around for years. According to a US government advisory, CVE-2018-13379, CVE-2019-11510, and CVE-2019-19781 were routinely exploited by hackers working for the Russian government. Meanwhile, CVE-2018-13379 was reportedly exploited by a different group of hackers, allowing ransomware operators to take control of production facilities.
According to a recent list by cybersecurity authorities, the Apache Log4j logging framework is vulnerable to remote code execution. By exploiting this vulnerability, a threat actor could gain control of a vulnerable system, including its operating system and database. The vulnerability was publicly disclosed in December 2021, but has only recently been exploited. The list ranks ProxyLogon and ProxyShell among the top exploited vulnerabilities.
Another high profile vulnerability was discovered in April by Atlassian, which owns the Confluence software family. This vulnerability enables attackers to bypass authentication and inject malicious OGNL commands in order to take control of an unpatched system. In addition to exploiting the confluence server, a malicious user could also use a Confluence server to deploy ransomware and cryptocurrency mining software. While these exploits are not widespread, they are dangerous and can lead to catastrophic consequences.
A third vulnerability is more widespread, but is not necessarily bad. It is more likely to be exploited in a software system. Fortunately, there are solutions for both. For instance, the COVID-19 pandemic has led many organizations to use untested remote access systems that are still incomplete. For these reasons, this vulnerability was the most exploited vulnerability in 2020. The list continues to grow as new vulnerabilities are discovered.
Which Vulnerability is Exploited the Most?
Microsoft Exchange servers are prone to a series of vulnerabilities called ProxyShell. The ProxyShell vulnerability allows a malicious user to bypass authentication. Another vulnerability is CVE-2021-31207. It enables an attacker to elevate privileges and execute arbitrary code on an affected server. The ProxyShell vulnerabilities were discovered in April 2021. The vulnerability allowed hackers to exploit thousands of Microsoft servers.
The second vulnerability that is most commonly exploited is the Log4Shell vulnerability, which affects Apache’s Log4j web server. While the company released a patch to address the vulnerability in December, attackers soon began scanning for vulnerable instances on the internet. Another vulnerability, ProxyLogon, allows an unauthenticated attacker to execute arbitrary code. The attacker may also gain persistent ccess to emails and files.
While the exploitation of one vulnerability can be damaging to a system, the most common way for sensitive data to reach the wrong hands is by user error. A single user’s password or credentials can allow a malicious actor to pretend to be the original user. Without a password, a computer is much more vulnerable to attack. So, it is crucial to secure passwords and change them regularly. The most exploited vulnerability is the one with the highest impact on your computer system.