FBI, DHS and CISA: the top 10 most exploited vulnerabilities

Researchers at the US Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS) and Cybersecurity & Infrastructure Security Agency (CISA) have published a list of the most exploited vulnerabilities in the 2016-2019 period.

According to the CISA report, “a concerted campaign to patch these vulnerabilities would interfere with the hackers' working methods and force them to develop or acquire more expensive and less effective exploits.”

Recently, many organizations have moved to working from home because of the COVID-19 pandemic, and in that process many Microsoft Office 365 deployments were misconfigured. Microsoft Object Linking and Embedding (OLE), the technology that lets MS Office documents embed content from other applications, is the technology most frequently attacked by hackers.

The second most attacked technology is Apache Struts, an open-source framework for building web applications in Java EE.

CVE-2017-11882, CVE-2017-0199 and CVE-2012-0158 are the most exploited security vulnerabilities used by state-sponsored hacking groups. CVE-2019-19781 and CVE-2019-11510 are the most frequently exploited vulnerabilities in 2020.

The vulnerabilities exploited most often in the 2016-2019 period:

  • Vulnerable Products: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1 and 2016 products
  • Associated Malware: Loki, FormBook, Pony/FAREIT
  • Fix: Microsoft fixed it in November 2017.
  • Mitigation: Update all Microsoft products with the latest security patches.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133e

  • Vulnerable Products: Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1
  • Associated Malware: JexBoss
  • Fix: Oracle fixed it in September 2017.
  • Mitigation: Upgrade to Struts 2.3.32 or Struts 2.5.10.1.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/AR18-312A

  • Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511 and 1607; and Windows Server 2016
  • Associated Malware: Multiple families, using the EternalSynergy and EternalBlue exploit kit
  • Fix: Microsoft fixed it in March 2017.
  • Mitigation: Update all Microsoft products with the latest security patches.
  • Details: https://nvd.nist.gov/vuln/detail/CVE-2017-0143

  • Vulnerable Products: Adobe Flash Player before 28.0.0.161
  • Associated Malware: DOGCALL
  • Fix: Adobe fixed it in February 2018.
  • Mitigation: Update the Adobe Flash Player installation to the latest version with the latest security patches.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133d

  • Vulnerable Products: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7
  • Associated Malware: FINSPY, FinFisher, WingBird
  • Fix: Microsoft fixed it in September 2017.
  • Mitigation: Update all Microsoft products with the latest security patches.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133f

  • Vulnerable Products: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1
  • Associated Malware: Toshliph, UWarrior
  • Fix: Microsoft fixed it in April 2015.
  • Mitigation: Update all Microsoft products with the latest security patches.
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133m

  • Vulnerable Products: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1
  • Associated Malware: Kitty
  • Fix: The Drupal community fixed it in March 2018.
  • Mitigation: Upgrade to the most recent version of Drupal 7 or Drupal 8.
  • Details: https://nvd.nist.gov/vuln/detail/CVE-2018-7600

www.cybersecuritynews.com