Whether old or new, which vulnerabilities should you be on the lookout for this year? IBM X-Force gives you the answers in this guide to the top cybersecurity threats of 2020.
Finding and exploiting vulnerabilities
According to the X-Force Threat Intelligence Index 2021, scanning for and exploiting vulnerabilities became the primary infection vector of 2020. In other words, finding unpatched issues or Common Vulnerabilities and Exposures (CVEs) on networks and exploiting them has become the most common method of attack, and it is also reported to be the most effective way to gain initial access to a network.
This method has surpassed phishing and appears to have largely replaced credential theft, which was previously known as the most reliable way for attackers to infiltrate a network.
The state of current vulnerabilities
CVE identifiers make it possible to catalogue the vulnerabilities and threats affecting the security of information systems, with each vulnerability assigned its own identity. CVE-2019-19871, for example, is a vulnerability in Citrix Application Delivery Controller and Gateway. According to X-Force data, it was by far the most exploited vulnerability in 2020.
Despite the prevalence of this relatively recent vulnerability, the list of the 10 most exploited vulnerabilities of 2020 was dominated by older security issues. Only two vulnerabilities in the top 10 were discovered in 2020. The number of new vulnerabilities identified each year has grown steadily since 1988, with 17,992 new vulnerabilities identified in 2020 and a total of 180,171 vulnerabilities identified through the end of 2020.
Because vulnerabilities from previous years continue to threaten organizations that have not yet patched them, this cumulative effect increases attackers' opportunities each year. Cybersecurity experts therefore stress identifying and fixing vulnerabilities quickly: these gateways into a network must be closed quickly, methodically and effectively to deny hackers the advantage they appear to have gained throughout 2020.
Persistent vulnerabilities without patching
The Apache Struts vulnerabilities CVE-2006-1547 and CVE-2012-0391 are two examples of persistent problems that affected organizations in 2020. They rank third and fourth on the list of the most exploited vulnerabilities of 2020. These vulnerabilities have been known for 15 and 9 years, respectively, and fixes have been available for a long time.
Nevertheless, they too often remain unpatched, and attackers do not lack for attempts to exploit them. The number of new vulnerabilities continues to increase each year while older vulnerabilities remain viable entry points, increasing attack options exponentially.
Top 10 CVEs of 2020
IBM Security X-Force has ranked the top 10 CVEs of 2020 by the frequency with which threat actors exploited or attempted to exploit them. The ranking is based on IBM X-Force Incident Response (IR) and IBM Managed Security Services (MSS) data for 2020. The results show that attackers focused on common enterprise applications and open-source frameworks that many companies run on their networks.
- CVE-2019-19871: Citrix Application Delivery Controller (ADC)
- CVE-2018-20062: ThinkPHP CMS remote code execution
- CVE-2006-1547: ActionForm in Apache Software Foundation (ASF) Struts
- CVE-2012-0391: ExceptionDelegator component in Apache Struts
- CVE-2014-6271: GNU Bash command injection
- CVE-2019-0708: “Bluekeep” Microsoft Remote Desktop Services Remote Code Execution
- CVE-2020-8515: Draytek Vigor command injection
- CVE-2018-13382 and CVE-2018-13379: incorrect authorization and path traversal in Fortinet FortiOS
- CVE-2018-11776: Apache Struts remote code execution
- CVE-2020-5722: SQL injection in Grandstream UCM6200 (HTTP)
Top 3 vulnerabilities of 2020 in detail
CVE-2019-19871, disclosed in December 2019, applies to Citrix ADC, Citrix Gateway, and NetScaler Gateway. The vulnerability allows an attacker to execute arbitrary code on a Citrix server or to download additional payloads, such as Trojan backdoors used for command execution and password brute-forcing.
This vulnerability appeared repeatedly in IBM's incident response engagements, particularly in the first half of 2020. It alone accounted for 25% of all compromises X-Force saw in the first quarter of 2020, and it appeared in 59% of all X-Force attacks patched as of January 2020.
Attackers exploited it 15 times more often than any other vulnerability seen in X-Force incident response engagements. In addition, IBM security services have frequently observed alerts showing attackers attempting to exploit this vulnerability.
CVE-2018-20062 allows attackers to execute arbitrary PHP code. X-Force analysts have observed that it is widely used to target IoT devices, which coincides with an increase in attacks against IoT in 2020, as revealed by IBM network data. Exploitation of CVE-2018-20062 has been linked to the deployment of a wide variety of malware, including the SpeakUp backdoor, the Mirai botnet and various cryptocurrency-related attacks.
ThinkPHP is an open-source PHP framework. Although this vulnerability was patched on December 8, 2018 in ThinkPHP versions 5.0.23 and 5.1.31, another version was released on December 11, 2018, and the flaw continues to attract attackers trying to take advantage of it. The difficulty of identifying and patching IoT devices may contribute to their exposure.
CVE-2006-1547, discovered 15 years ago, allows an attacker to cause a denial of service, including a crash of the Struts web application or even loss of access to confidential information. Apache Struts is an open-source framework commonly used to build Java web applications. Attackers have recognized the opportunities presented by the widespread use of this framework and have capitalized on several Apache Struts vulnerabilities.
The continued exploitation of this dated vulnerability highlights the importance of scanning web applications for unpatched vulnerabilities and of paying particular attention to older web applications built with deprecated frameworks.
What about unknown vulnerabilities?
Vulnerabilities that have not yet been made public, and that are potentially exploitable through zero-day exploits, continue to pose a threat to enterprise networks. Penetration testing can uncover previously unknown vulnerabilities. Yet, overall, X-Force observes that known vulnerabilities with known mitigation options continue to pose a greater threat to organizations than zero-day exploits.
While organizations may not always be able to control the exploitation of unknown vulnerabilities on their network, they can take structured action against known vulnerabilities. Vulnerability management services that identify, prioritize and remediate existing vulnerabilities can help organizations improve the security of their most critical assets.
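As an added illustration of the prioritization step (not code from IBM or the X-Force report), the script below ranks findings from a constructed scanner export by whether the CVE appears in the page's top-10 exploited list, then by CVSS, then by the age of the identifier. The scoring weights, the CSV layout and the hosts are assumptions made for the example.

```python
"""Rank scan findings against the CVEs this page lists as the most exploited of 2020."""
import re
from dataclasses import dataclass

# The CVEs named in the page's top-10 list (the two Fortinet CVEs share one entry).
TOP_EXPLOITED_2020 = {
    "CVE-2019-19871", "CVE-2018-20062", "CVE-2006-1547", "CVE-2012-0391",
    "CVE-2014-6271", "CVE-2019-0708", "CVE-2020-8515", "CVE-2018-13382",
    "CVE-2018-13379", "CVE-2018-11776", "CVE-2020-5722",
}
CVE_RE = re.compile(r"^CVE-(\d{4})-\d{4,}$")

@dataclass
class Finding:
    host: str
    cve: str
    cvss: float

def cve_age(cve: str, now_year: int = 2020) -> int:
    """Years since the identifier was assigned (taken from the year in the CVE id)."""
    m = CVE_RE.match(cve)
    if not m:
        raise ValueError(f"not a CVE id: {cve}")
    return max(0, now_year - int(m.group(1)))

def priority(f: Finding, now_year: int = 2020) -> float:
    """Assumed weighting: known-exploited dominates, then CVSS, then a small age bonus
    so that old unpatched issues (the page's point) never sink below new, unexploited ones."""
    score = f.cvss
    if f.cve in TOP_EXPLOITED_2020:
        score += 10.0
    score += min(cve_age(f.cve, now_year), 10) * 0.1
    return round(score, 2)

def rank(findings, now_year: int = 2020):
    return sorted(findings, key=lambda f: priority(f, now_year), reverse=True)

def parse_export(text: str):
    """Parse a constructed 'host,cve,cvss' export; blank lines and '#' comments are skipped."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, cve, cvss = (p.strip() for p in line.split(","))
        out.append(Finding(host, cve.upper(), float(cvss)))
    return out

SAMPLE_EXPORT = """# constructed scanner export; hosts and the last CVE id are placeholders
web-01,CVE-2006-1547,5.0
web-01,CVE-2020-00000,9.8
vpn-01,CVE-2018-13379,9.8
gw-01,CVE-2019-19871,9.8
"""

if __name__ == "__main__":
    for f in rank(parse_export(SAMPLE_EXPORT)):
        print(f"{priority(f):5.2f}  {f.host:8} {f.cve}")
```

In this sample the 14-year-old Struts issue at CVSS 5.0 outranks an unexploited CVSS 9.8 finding, which is the ordering the page argues for.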