National cyber security agencies reveal the most exploited vulnerabilities of 2022

The latest security advisory from the UK's National Cyber Security Centre and its partners in the Five Eyes alliance reveals an alarming trend in cybercriminal activity. It seems cybercriminals are increasingly using older vulnerabilities over recently disclosed flaws for their activities. To shed light on this concerning development, the advisory publicly lists the top 12 most commonly exploited vulnerabilities in 2022, with several of them having also appeared on the previous year's list.

The findings offer valuable insights into the strategies behind cyber-attacks and raise questions about the apathy shown by organisations in patching security flaws affecting their software and equipment. The ease with which cybercriminals can exploit these vulnerabilities underscores the importance of prompt and thorough patching to prevent potential breaches.

Lisa Fong, deputy director-general at New Zealand’s National Cyber Security Centre, stressed the foundational aspect of cybersecurity and emphasized the significance of understanding assets and rapidly applying patches when available. Neglecting to take action leaves organizations vulnerable to cyber threats, potentially leading to unauthorised access and data breaches.

The advisory highlights a critical period in which vulnerabilities are most susceptible to exploitation. Cyber invaders generally have the greatest triumph in the first two years after public disclosure of a vulnerability. During this time, they can capitalise on organisations that have not yet applied patches or upgraded their software. As a result, the value of these vulnerabilities gradually diminishes over time as organisations take measures to secure their systems.

Security agencies strongly advise organisations to apply patches on time to thwart cyber criminals' efforts. By doing so, organisations can force attackers to explore other, potentially more complex and costly, avenues of attack. Some alternatives include the development of zero-day exploits or conducting sophisticated software supply chain attacks. Swiftly applying patches ensures that cybercriminals do not gain access to information about exposed systems, thereby limiting their opportunities for exploitation.

The 2022 list of most commonly exploited vulnerabilities includes several recurring issues from previous years. Among them is CVE-2018-13379, affecting Fortinet SSL VPNs, which had been exploited as early as 2020. Its continued presence on the list indicates that many organisations have failed to implement available patches effectively.

Another set of vulnerabilities, collectively known as ProxyShell (CVE-2021-34473, CVE-2021-31207, and CVE-2021-34523), affected Microsoft Exchange email servers and garnered significant attention from cybercriminals. CVE-2021-40539, a remote code execution flaw in Zoho ManageEngine ADSelfService Plus, was first exploited in late 2021 and continued to be a target into 2022.

Additionally, CVE-2021-26084, a vulnerability in Atlassian's Confluence Server and Data Center collaboration tools, saw mass exploitation attempts in late 2021. Meanwhile, Log4Shell (CVE-2021-44228), affecting Apache's Log4j library, drew high interest from attackers during the first half of 2022.

Vulnerabilities in VMware's products (CVE-2022-22954 and CVE-2022-22960) allowed for remote code execution, privilege escalation, and authentication bypass. Exploits were observed throughout 2022. Other exploited vulnerabilities included CVE-2022-30190 impacting the Microsoft Support Diagnostic Tool, CVE-2022-26134, a critical remote code execution flaw in Atlassian Confluence and Data Center, and CVE-2022-1388, enabling attackers to bypass iControl REST validation on F5 BIG-IP security software.

To tackle this escalating threat landscape effectively, security agencies urge organisations to prioritize the timely mitigation of these vulnerabilities. In conjunction, technology providers must commit to secure-by-design principles, actively reducing the prevalence of these vulnerabilities to enhance overall cybersecurity.

The consequences of failing to address these vulnerabilities promptly extend beyond individual organisations. The prevalence of unpatched vulnerabilities motivates attackers to develop sophisticated tools for faster and broader attacks. These tools can be sold to other cybercriminals and be used for years if the vulnerabilities remain unaddressed.