In the world of cybersecurity, every year brings new threats and new ways to combat them. As our connected devices grow in number and sophistication, so does the digital threat landscape—more vulnerable devices means more potential security breaches and subsequent damage caused by malware, ransomware, and other attacks on systems with weak or missing defenses. With that in mind, cybersecurity authorities have issued alert AA22-117A, which provides information on the Common Vulnerabilities and Exposures (CVEs) that are most frequently used and exploited by malicious cyber actors.
In 2021, more than 3,000 new vulnerabilities were discovered, and to date 700 more vulnerabilities have been discovered. As malicious cybercriminals continue to exploit vulnerabilities, it is becoming a daunting challenge for industry experts to keep up with the security patches for each vulnerability. Since we cannot cover every vulnerability, in this article we will cover the top 5 exploited cybersecurity vulnerabilities of 2021.
1- CSV Injection
CSV injection is used by malicious cyber actors to compromise a network and steal data. A hacker can also use it to gain access to sensitive information, such as login credentials, passwords and private encryption keys. By uploading a specially crafted CSV file containing malicious commands into an application that uses CSV files for import or export operations, attackers can inject malicious code into the system’s memory and gain control over it. Commonly exploited CSV injection vulnerabilities include CVE-2014-3524, CVE-2018-9035 and CVE-2022-22121, among others.
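The defensive side of the CSV problem has two halves: an application that exports user-supplied text must make sure no cell is evaluated as a spreadsheet formula when the file is opened, and an application that imports uploaded CSV files should be able to flag cells that would be. The following is an added example written for this article, not code from the original page or from any product it names; the trigger characters follow the usual guidance for spreadsheet formula injection, and the sample rows and the uploaded file are constructed here for illustration.

```python
import csv
import io
import re

# Characters that make a spreadsheet evaluate a cell as a formula (or a
# DDE command) instead of displaying it as plain text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Genuine numbers ("-5", "+1e3") start with a trigger but are not formulas;
# leaving them untouched keeps sorting and summing working in the export.
NUMERIC = re.compile(r"\s*[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?\s*")


def neutralise_cell(value):
    """Return text that a spreadsheet will show literally rather than evaluate.

    A leading apostrophe tells spreadsheet applications to treat the cell as
    text; the csv writer below then quotes the cell so separators and quotes
    inside the value cannot start a new cell.
    """
    text = str(value)
    if not text or NUMERIC.fullmatch(text):
        return text
    if text.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def write_safe_csv(rows):
    """Serialise rows for export with every cell neutralised and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralise_cell(cell) for cell in row])
    return buf.getvalue()


def flag_suspicious_cells(csv_text):
    """Scan an uploaded CSV and list (row, column, value) of formula-like cells.

    Useful on the import path: reject or quarantine the upload instead of
    passing the cells through to a later export.
    """
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.lstrip().startswith(FORMULA_TRIGGERS) and not NUMERIC.fullmatch(cell):
                findings.append((r, c, cell))
    return findings


# Constructed sample data: a "note" field that came from a web form.
EXPORT_ROWS = [["name", "note"], ["Alice", "=1+1"], ["Bob", "-5"]]
UPLOADED_CSV = 'name,note\nAlice,"=1+1"\nBob,-5\n'

if __name__ == "__main__":
    print(write_safe_csv(EXPORT_ROWS))
    print(flag_suspicious_cells(UPLOADED_CSV))
```

Neutralising on export is the part that protects the people who open the file; flagging on import is what tells you an attacker tried, and is worth logging alongside the uploading account.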
2- Authentication Bypass with Malicious File Execution (Windows Host)
CVE-2018-11729 is a vulnerability in Microsoft Windows operating systems (all versions) and affects Remote Desktop Services. The vulnerability allows an attacker to bypass authentication and execute commands with user privileges. Successful exploitation requires human interaction. The vulnerability exists because Windows fails to validate file paths before loading them in memory for remote processes run through Remote Desktop Services; it is also known as the Remote Desktop Protocol Elevation of Privilege Vulnerability.
An attacker who successfully exploited this vulnerability could execute arbitrary code on a target system. The update addresses the vulnerability by correcting how Windows validates file paths before loading them in memory for remote processes run through Remote Desktop Services.
3- Unvalidated Redirects and Forwards
As organizations upgrade their web applications, they can sometimes neglect to check for unvalidated redirects and forwards (URLs). This leaves an opening for attackers who inject malicious redirects into web pages; unfortunately, most crawlers will follow these links automatically. The result? Malicious actors can use fake login portals to collect user credentials and other valuable information. This vulnerability is also known as URL redirecting or open redirects and is classified as CWE-601.
To mitigate the risks associated with unvalidated redirects and forwards, audit your web application code for redirect parameters that are passed through unchecked, or consider using a vulnerability scanner.
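The check an auditor looks for is simple to state: a redirect parameter should only ever send the browser to a local path or to an explicitly allowlisted host. Getting it right means handling the inputs that commonly slip past a naive "starts with /" test, such as scheme-relative `//host` and `///host` forms, backslashes that browsers normalise to slashes, non-HTTP schemes, and credentials-in-URL tricks. The function below is an added example for this article, not code from the original page; the hostname allowlist and the sample inputs are assumptions made here.

```python
from urllib.parse import urlsplit


def safe_redirect_target(target, allowed_hosts, default="/"):
    """Return a redirect destination that stays on this site or an allowlisted host.

    Anything that cannot be proven safe falls back to `default`, which is the
    correct failure mode for a redirect (the user lands on the home page
    instead of a phishing site).
    """
    if not target:
        return default
    cleaned = target.strip()
    # Backslashes and control characters are rewritten or dropped by browsers
    # before parsing, so a string containing them cannot be reasoned about.
    if any(ch in cleaned for ch in "\\\r\n\t\x00"):
        return default
    parts = urlsplit(cleaned)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only https to an allowlisted host.
        # parts.hostname ignores any user:pass@ prefix, which defeats
        # "https://trusted@evil" style inputs.
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            return default
        return cleaned
    # Relative reference: must be a single leading slash. "///host" parses
    # with an empty netloc here but browsers treat it as "//host".
    if not cleaned.startswith("/") or cleaned.startswith("//"):
        return default
    return cleaned


# Constructed example: the host this application is served from.
ALLOWED_HOSTS = {"app.example.com"}

if __name__ == "__main__":
    for candidate in ["/account/settings", "//evil.example/login",
                      "https://app.example.com/dashboard", "javascript:void(0)"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate, ALLOWED_HOSTS)!r}")
```

Logging the rejected values is worthwhile: a burst of `//` or `@`-style inputs against the login page's `next` parameter is a reliable sign someone is probing for an open redirect.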
4- XML External Entities Injection
CVE-2015-2334 is a security bug that affects applications that incorrectly parse XML data. By providing specially crafted XML documents, malicious users can exploit this vulnerability to execute arbitrary code and to elevate privileges in vulnerable systems. The elevation of privileges allows malicious users to further gain control over the compromised system, execute arbitrary code or alter applications’ functionality. An attacker would need some knowledge about application internals in order to leverage this vulnerability for their own benefit.
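The root cause of XML external entity injection is a parser that honours entity declarations in a DTD supplied by the caller, so the mitigation is to refuse DTDs from untrusted input before the parser ever acts on them. The example below is added here and is not code from the original article or from any affected product; it asks expat itself to report a DOCTYPE declaration rather than pattern-matching the text, and the two sample documents (including the placeholder file URI) are constructed for illustration.

```python
import xml.parsers.expat
import xml.etree.ElementTree as ET


class DtdNotAllowed(ValueError):
    """Raised when an XML document declares a DOCTYPE / DTD."""


def dtd_present(data):
    """Return True if the document declares a DOCTYPE, as seen by expat.

    Using the parser's own callback avoids the false negatives a regex
    check would have with comments, unusual whitespace or encodings.
    The handler raises to stop parsing at the declaration itself, before
    any entity it declares could be referenced.
    """
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdNotAllowed(f"DOCTYPE {name!r} declared")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except DtdNotAllowed:
        return True
    return False


def parse_xml_safely(data):
    """Parse untrusted XML, refusing any document that carries a DTD.

    With no DTD there are no entity declarations, so neither external
    entities (XXE) nor entity-expansion bombs can be introduced.
    """
    if dtd_present(data):
        raise DtdNotAllowed("DTDs are not accepted from untrusted input")
    return ET.fromstring(data)


# Constructed samples: a normal request body and one that declares an
# external entity pointing at a placeholder local file.
BENIGN_DOC = b"<order id='42'><item sku='A1'>2</item></order>"
DTD_DOC = (b"<?xml version='1.0'?>\n"
           b"<!DOCTYPE order [ <!ENTITY ext SYSTEM 'file:///placeholder/secret.txt'> ]>\n"
           b"<order><item>&ext;</item></order>")

if __name__ == "__main__":
    print("benign:", parse_xml_safely(BENIGN_DOC).tag)
    try:
        parse_xml_safely(DTD_DOC)
    except DtdNotAllowed as exc:
        print("rejected:", exc)
```

Rejecting the whole document is deliberate: an application that accepts XML from clients almost never has a legitimate reason to accept a client-supplied DTD, and a rejected request with a DOCTYPE is itself a useful detection signal.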
5- Zero-day Vulnerabilities
The concept of zero-day vulnerabilities — exploits for which there is no known fix — has been around for years now. But now, with more and more networks connecting to each other and providing remote access to users, zero-day exploits have come into vogue as security researchers find vulnerabilities in applications that are being used by more people. This has resulted in a gold rush for hackers and malicious actors who are constantly on the hunt for these vulnerabilities, so they can develop malware or phishing campaigns targeting new victims.
Most commonly exploited zero-day vulnerabilities in 2021 include CVE-2022-29117, CVE-2022-23267 and CVE-2022-29145, among others.
Conclusion
The increasing number of personal devices that are connected to a network and being used for business has given cybercriminals more opportunities to exploit vulnerabilities in those devices. Businesses need to make sure that they’re protecting their employees from threats at home as well as at work, so security at home is another area that should be addressed. There are many ways for businesses to protect their endpoints: they can configure their firewalls and intrusion prevention systems (IPS) to inspect traffic leaving an endpoint, and they can leverage encryption technologies. However, teaching employees and raising awareness of cybersecurity will remain the key to building a secure digital space.