U.S. Government Issues Alert on Most Exploited Vulnerabilities

Several Microsoft Office vulnerabilities that were patched years ago continue to be among the security flaws most exploited in attacks, the U.S. government warns.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) this week published an alert to provide guidance on some of the vulnerabilities that are most targeted in attacks.

The bugs, the alert underlines, are routinely exploited by foreign cyber actors in attacks targeting both the public and private sectors, and risks associated with them could be mitigated “through an increased effort to patch systems and implement programs to keep system patching up to date.”

Between 2016 and 2019, the ten vulnerabilities most often exploited by threat actors were in Microsoft Office (CVE-2017-11882, CVE-2017-0199, CVE-2012-0158, CVE-2015-1641), Apache Struts (CVE-2017-5638), Microsoft SharePoint (CVE-2019-0604), Microsoft Windows (CVE-2017-0143), Microsoft .NET Framework (CVE-2017-8759), Adobe Flash Player (CVE-2018-4878), and Drupal (CVE-2018-7600).

Exploitation of these flaws was used to deliver a broad range of malware families, including Loki, FormBook, Pony/FAREIT, FINSPY, LATENTBOT, Dridex, JexBoss, China Chopper, DOGCALL, FinFisher, WingBird, Toshliph, UWarrior, and Kitty, among others.

The three vulnerabilities most frequently exploited by state-sponsored threat actors from China, Iran, North Korea, and Russia all affect Microsoft Office and were patched years ago: CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158.

“According to U.S. Government technical analysis, malicious cyber actors most often exploited vulnerabilities in Microsoft’s Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. After OLE the second-most-reported vulnerable technology was a widespread Web framework known as Apache Struts,” the alert reads.

In 2015, the U.S. government assessed that CVE-2012-0158 was the vulnerability most used in Chinese threat actors’ cyber operations, and the flaw continues to be widely used by these hackers.


“This trend suggests that organizations have not yet widely implemented patches for this vulnerability and that Chinese state cyber actors may continue to incorporate dated flaws into their operational tradecraft as long as they remain effective,” the U.S. government says.

In 2020, in addition to the aforementioned vulnerabilities, threat actors began widely exploiting virtual private network flaws (CVE-2019-19781 in Citrix ADC and Gateway appliances, and CVE-2019-11510 in Pulse Secure VPN servers), Microsoft Office 365 misconfigurations, and organizational weaknesses such as poor employee training on social engineering and the lack of system recovery and contingency plans.
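The practical takeaway of the alert is that dated, well-known CVEs should be pulled to the top of the patch queue wherever a scanner still reports them. The following is an added example, not code from the alert or from SecurityWeek, that triages a vulnerability-scanner export against the CVEs named above (the 2016-2019 top ten plus the two 2020 VPN flaws). The CSV layout (`host,cve`) and the sample findings are constructed for the example; real scanner exports differ and would need their own column mapping.

```python
"""Triage scanner findings against the CISA/FBI list of routinely exploited CVEs.

Added example. The CSV format (host,cve) is hypothetical; the CVE list and
product names are taken from the alert as summarised in the article.
"""
import csv
import io
from collections import defaultdict

# CVE -> affected technology, as named in the alert.
ROUTINELY_EXPLOITED = {
    "CVE-2017-11882": "Microsoft Office",
    "CVE-2017-0199": "Microsoft Office",
    "CVE-2012-0158": "Microsoft Office",
    "CVE-2015-1641": "Microsoft Office",
    "CVE-2017-5638": "Apache Struts",
    "CVE-2019-0604": "Microsoft SharePoint",
    "CVE-2017-0143": "Microsoft Windows",
    "CVE-2017-8759": "Microsoft .NET Framework",
    "CVE-2018-4878": "Adobe Flash Player",
    "CVE-2018-7600": "Drupal",
    "CVE-2019-19781": "Citrix ADC / Gateway",
    "CVE-2019-11510": "Pulse Secure VPN",
}

# Constructed sample export. "CVE-0000-00001" is a placeholder for an
# unrelated finding, not a real identifier.
SAMPLE_CSV = """host,cve
ws-042,CVE-2017-11882
ws-042,CVE-0000-00001
ws-017, cve-2012-0158
web-01,CVE-2017-5638
vpn-gw,CVE-2019-11510
db-03,CVE-0000-00001
"""


def normalize_cve(cve: str) -> str:
    """Scanners disagree on case and whitespace; canonicalise before lookup."""
    return cve.strip().upper()


def triage(csv_text: str) -> dict:
    """Return {host: [(cve, product), ...]} for findings on the exploited list.

    Hosts whose findings are all off-list are omitted, so the result is the
    'patch these first' set rather than the full scan.
    """
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        cve = normalize_cve(row["cve"])
        product = ROUTINELY_EXPLOITED.get(cve)
        if product is not None:
            hits[row["host"].strip()].append((cve, product))
    return dict(hits)


def cve_age_years(cve: str, current_year: int = 2020) -> int:
    """Years since the CVE identifier's year.

    The identifier year approximates disclosure, not the exact patch date,
    but it is enough to show how dated a still-present flaw is.
    """
    return current_year - int(cve.split("-")[1])


def report(csv_text: str, current_year: int = 2020) -> list:
    """One line per on-list finding, oldest flaws first within each host."""
    lines = []
    for host, findings in sorted(triage(csv_text).items()):
        for cve, product in sorted(findings, key=lambda f: f[0]):
            lines.append(
                f"{host}: {cve} ({product}, ~{cve_age_years(cve, current_year)} years old) "
                "is on the routinely exploited list; patch first"
            )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_CSV):
        print(line)
```

Running the block prints four prioritised findings (ws-042, ws-017, web-01 and vpn-gw); db-03 is dropped because its only finding is off the list. In practice the `ROUTINELY_EXPLOITED` table should be fed from a maintained source rather than hard-coded, and the CSV reader replaced by whatever export your scanner produces.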

Related: Patching Pulse Secure VPN Not Enough to Keep Attackers Out, CISA Warns

Related: DHS Reiterates Recommendations on Securing Office 365

Written By

Ionut Arghire is an international correspondent for SecurityWeek.