Google Trends: Most searched top 10 vulnerabilities in 2020
Posted on 2nd Mar, 2021 | By Sumeetha
CSW experts compiled the list of vulnerabilities that were most searched on Google and came up with the top 10 CVEs. Here are our insights as to why they trended:
8 out of 10 CVEs are RCE vulnerabilities
7 CVEs are associated with 24 ransomware strains. Notable among them are Cerber, Petya, Ryuk, Locky, WannaCry, Samsa, Satan etc.
4 vulnerabilities are being used by 27 APT groups. Two APT groups are known to be Chinese state actors (APT41 & Cycldek). CVE-2017-11882 and CVE-2017-0199 are being used by 14 APT groups each.
Among the top 10 is CVE-2017-5638 - the infamous Apache Struts vulnerability, responsible for the Equifax data breach in 2017.
CVE-2019-0708 - an RCE vulnerability - is present in 349K active targets.
Exposure Analysis & Scanners
CVE-2017-5638 - an RCE vulnerability in Apache Struts - was found trending in 2020. This vulnerability was used to breach Equifax and expose the personal information of 147 million people.
CVE-2017-0143, another RCE vulnerability, exists in Windows Server 2012, which is used by 136K computers around the globe.
Foundational Code Weakness
Four out of ten vulnerabilities are categorized under CWE-20 (Improper Input Validation), spotlighting what developers ought to keep in mind while writing their code.
Ransomware, APT Groups & Malware
Seven vulnerabilities are associated with 24 ransomware strains, and they have been spotlighted in our recently published Ransomware 2021 report.
Notable among them are Cerber, Petya, Ryuk, Locky, WannaCry, Samsa, Satan etc. Of the seven, CVE-2017-0143 and CVE-2017-11882 are associated with 10 and 8 ransomware strains respectively.
Four CVEs (CVE-2017-11882, CVE-2017-0199, CVE-2017-0143, CVE-2018-7600) are being used by 27 APT groups. China, Russia, North Korea and Iran are some of the nation states controlling these APT groups.
CVE-2017-11882 and CVE-2017-0199 are being used by 14 APT groups each to infiltrate critical organizations and mount targeted attacks, resulting in exposure of proprietary and sensitive information.
A Pentester's Perspective
CVE-2019-5544 (CVSSv3 9.8) is an interesting vulnerability that exists in VMware products (ESXi, Enterprise Linux Desktop, Enterprise Linux Server Aus etc.). This CVE is used in a ransomware chain along with another critical CVE (CVE-2020-3992) to exploit virtual hard disks.
CVE-2020-0549 is a medium-severity weakness in Intel products that is capable of resurrecting private browsing history details, passwords etc. This CVE was widely searched because it was discovered in 2020 and affects desktops, laptops, cloud computers and physical servers that use Intel processor generations released from 2011 onwards.
CVE-2020-2555 - an RCE bug in Oracle products - has a score of 9.5 and is red-flagged by the National Security Agency (NSA) as it is used by Chinese APT groups.
8 out of 10 vulnerabilities searched in 2020 are old weaknesses ranging from 2017 onwards, which highlights their long shelf life. The fact that these vulnerabilities are being used by a large number of ransomware families and APT groups is a cause for concern, and the fact that they were widely searched on Google is very telling. For organizations and critical entities, patching these vulnerabilities on priority is critical.
Proactive patching is the need of the hour and that can be achieved through an ASM tool that would reveal blind spots, gaps and forgotten legacy systems.