The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.
This alert provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)[1]—to help organizations reduce the risk of these foreign threats.
Vulnerabilities Exploited in 2020
In addition to the top 10 vulnerabilities from 2016 to 2019 listed below, the U.S. Government has reported that the following vulnerabilities are being routinely exploited by sophisticated foreign cyber actors in 2020:
- Malicious cyber actors are increasingly targeting unpatched Virtual Private Network vulnerabilities.
- March 2020 brought an abrupt shift to work-from-home that necessitated, for many organizations, rapid deployment of cloud collaboration services, such as Microsoft Office 365 (O365).
- Cybersecurity weaknesses—such as poor employee education on social engineering attacks and a lack of system recovery and contingency plans—have continued to make organizations susceptible to ransomware attacks in 2020.
Top 10 Most Exploited Vulnerabilities 2016–2019
U.S. Government reporting has identified the top 10 most exploited vulnerabilities by state, nonstate, and unattributed cyber actors from 2016 to 2019 as follows:
- CVE-2017-11882
- CVE-2017-0199
- CVE-2017-5638
- CVE-2012-0158
- CVE-2019-0604
- CVE-2017-0143
- CVE-2018-4878
- CVE-2017-8759
- CVE-2015-1641
- CVE-2018-7600