+44 (0)203 88 020 88

Menu

Search

Cyber Security News & Articles

 

Cyber Security
News & Articles

Trusted Cyber Security Experts
25+ Years Industry Experience
Ethical, Professional & Pragmatic

Top 15 Most Exploited Vulnerabilities for 2021

The 15 most targeted security vulnerabilities of 2021 have just been published in a joint advisory from the NCSC.  These are the main ways hackers are attacking businesses around the world.

Cybersecurity authorities across multiple nations co-authored this publication to provide insight into the exploited vulnerabilities and offer mitigation strategies to deal with the identified risk.

Of the top 15, the majority are, unsurprisingly, found in internet-facing systems, such as Microsoft Exchange Server as well as virtual private network (VPN) servers. There was also continued exploitation of previously documented vulnerabilities, ranging from as early as 2018 to more recently identified exploits in 2020. This emphasises the need to patch software regularly. At a minimum, monthly patches are recommended to maintain continued security – given the speed at which malicious actors start to target new vulnerabilities once they are published.  Older vulnerabilities can also be avoided by not continuing to use software that is no longer supported by the providers. Proof of concept (POC) code was released within a few weeks of most of the identified vulnerabilities on this list, allowing more malicious actors to participate in these exploits.

The Top 15 Exploited Vulnerabilities

2021 was a bad year for Exchange admins, as Microsoft Exchange Server turns up eight times in the list – including six remote code execution (RCE) vulnerabilities, one of which was from 2020, and therefore could have been avoided by organisations implementing software patches more promptly. Four ProxyLogon vulnerabilities were an issue for Exchange, enabling the malicious actors to gain access to credentials, files and mailboxes stored on the servers. Three ProxyShell vulnerabilities were also exploited from the Microsoft Client Access Service (CAS) – another internet-facing, exposed service.

But the bad news for Microsoft isn’t over yet, as Microsoft Netlogon Remote Protocol (MS-NRPC) was the victim of an exploit of a ZeroLogon vulnerability, which utilised elevation of privilege to allow a malicious actor to connect through a vulnerable secure channel connection to a domain controller.

Apache Log4j, VMware vSphere Client and  Zoho ManageEngine AD SelfService Plus all suffered RCE vulnerabilities that were among the top 15 exploited in 2021. Attackers of Apache Log4j were able to control log messages and execute code through message lookup substitution. Malicious actors were allowed to have unrestricted privileges while executing commands on the vCenter Server host operating system for the VMware vSphere Client while ManageEngine AD SelfService Plus fell victim to an exploitation of an authentication bypass vulnerability.

A variety of unauthenticated attacker exploits round up the top 15 of 2021, such as through a path traversal vulnerability on Fortinet FortiOS and FortiProxy, where a restricted directory was not used to limit pathnames, so system files could be downloaded via HTTP resource requests. An exploited Atlassian Confluence Server and Data Center vulnerability allowed for arbitrary code execution by unauthenticated users. Arbitrary file reading by unauthenticated actors was also exploited this year, on the Pulse Secure Pulse Connect Secure products.

Mitigation Strategies

You have the patch – please install it

Approximately a quarter of these exploited vulnerabilities were older, previously identified, and therefore could have been protected against attack through available patches. This should be made a priority for organisations, as well as regular updates of all network assets, including software, operating systems, applications, and firmware. Setting up a centralised system for patch management will ensure patches are applied consistently and in a timely manner. A list of patch information for these top exploited vulnerabilities can be found in the appendix of the CISA report, here. 2021 Top Routinely Exploited Vulnerabilities | CISA As well as updates, end of life software needs to be replaced to maintain higher levels of security.

Watch for intrusions

Endpoint detection programmes search for known patterns of behaviour on a system and provide information on any abnormalities detected. Some systems not only report on these incidents, but also have the ability to not just detect but also prevent an exploit. It is therefore important to use endpoint detection and response (EDR) and security information and event management (SIEM) tools to help you spot the warnings that are always in the logs that an attack is underway.  Logging is important, but pointless if the logs are not being monitored. All abnormal activity should be noted through continuous monitoring of the attack service, which will help in identifying any suspicious activity or lateral movement across your network.

Get help if you need it

If you cannot keep up with all the patching and monitoring that your network needs, get help from someone who can. Either migrate in house servers into a managed cloud (where someone else does the patching for you) or bring in a firm to help run your infrastructure (a Managed Service Provider).  However, any risks associated with the introduction of another possible attack surface need to be carefully considered when using any third-party software, or services such as these.

Make MFA the Norm

Regular implementation across organisations of multi-factor authentication (MFA) for all users regardless of clearance level reduces risk, and this should be particularly focused on all VPN connections and applied across the board with no exceptions. If MFA is unavailable for your VPN connections, seriously consider getting a new VPN solution.  The principle of least privilege needs to be used when assigning access control to users, with the few privileged accounts being regularly reviewed and validated. Any privileged accounts that are not in use should be removed, and a check that this is being consistently followed should occur at least once per quarter.

Use Network Segmentation and Server Hardening as a firebreak

Network segmentation can allow for more control over what users and devices have access to each area of the network. This can be strengthened by disabling unused network services and devices.  Application allowlisting can reinforce this again and add an extra security layer between departments. Hardening of commonly exploited services can also be used as a preventative method of risk mitigation. Unused network ports and protocols, as well as those that are unnecessary for operations should be disabled, and all network devices properly configured.

While the top list of exploited vulnerabilities changes from year to year, the basic mitigations any business can put in place to protect against them does not really change.  If you are not sure where to start, then Cyber Essentials is a great first step for most businesses.

 

Photo: By Adrian Pingstone, Public Domain, https://commons.wikimedia.org/w/index.php?curid=71918549

 

 

Subscribe to our monthly newsletter today

If you’d like to stay up-to-date with the latest cyber security news and articles from our technical team, you can sign up to our monthly newsletter. 

We hate spam as much as you do, so we promise not to bombard you with emails. We’ll send you a single, curated email each month that contains all of our cyber security news and articles for that month.

Why Choose SecureTeam?

Customer Testimonials

“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”

Aim Ltd Chief Technology Officer (CTO)

"Within a very tight timescale, SecureTeam managed to deliver a highly professional service efficiently. The team helped the process with regular updates and escalation where necessary. Would highly recommend"

IoT Solutions Group Limited Chief Technology Officer (CTO) & Founder

“First class service as ever. We learn something new each year! Thank you to all your team.”

Royal Haskoning DHV Service Delivery Manager

“We’ve worked with SecureTeam for a few years to conduct our testing. The team make it easy to deal with them; they are attentive and explain detailed reports in a jargon-free way that allows the less technical people to understand. I wouldn’t work with anyone else for our cyber security.”

Capital Asset Management Head of Operations

“SecureTeam provided Derbyshire's Education Data Hub with an approachable and professional service to ensure our schools were able to successfully certify for Cyber Essentials. The team provided a smooth end-to-end service and were always on hand to offer advice when necessary.”

Derbyshire County Council Team Manager Education Data Hub

“A very efficient, professional, and friendly delivery of our testing and the results. You delivered exactly what we asked for in the timeframe we needed it, while maintaining quality and integrity. A great job, done well.”

AMX Solutions IT Project Officer

“We were very pleased with the work and report provided. It was easy to translate the provided details into some actionable tasks on our end so that was great. We always appreciate the ongoing support.”

Innovez Ltd Support Officer

Get in touch today

If you’d like to see how SecureTeam can take your cybersecurity posture to the next level, we’d love to hear from you, learn about your requirements and then send you a free quotation for our services.

Our customers love our fast-turnaround, “no-nonsense” quotations – not to mention that we hate high-pressure sales tactics as much as you do.

We know that every organisation is unique, so our detailed scoping process ensures that we provide you with an accurate quotation for our services, which we trust you’ll find highly competitive.

Get in touch with us today and a member of our team will be in touch to provide you with a quotation. 

0

No products in the basket.

No products in the basket.