Remote Work Exploited Without VPN Patches
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a report on the top exploited vulnerabilities of 2020 and 2023. The report reveals that the vulnerabilities attackers target most are those disclosed after 2019 and related to remote work, VPN (Virtual Private Network) and cloud-based technologies.
Remote work has become common practice, and hackers are taking advantage of remote-work-related vulnerabilities that were not patched, while cyber-defenders have had to catch up with regular software patching. If these vulnerabilities are exploited, hackers could take control of computers using remote code execution (RCE), arbitrary code execution, path traversal, and other methods.
Risks Increase as Remote Worker Needs Increase
The 12 vulnerabilities listed by CISA (Table 1) indicate that hackers often attack recently discovered vulnerabilities related to remote working. The top three vulnerabilities on the list are linked to remote working, VPN, and cloud-based environments. Nine of the flaws were discovered in or after 2019.
Vulnerabilities related to remote work could be a draw for hackers in 2020. Cloud collaboration tools easily led to errors in security-related configurations.
As we discussed in our 2020 annual security roundup, virtual private networks (VPNs) have become essential for businesses that want to expand and secure their internal network connections against external threats. Many organizations and users rely on VPNs in their workplaces and private homes. Usage spiked in early 2020, and an early 2023 study indicated that 31 percent of Internet users have used a VPN. Although a VPN is an effective security tool, it also acts as an entry point for cyber-attacks. Unpatched or obsolete VPNs are prone to critical vulnerabilities, and hackers can exploit these vulnerabilities to attack their targets' systems.
The data show the detection figures for some of the most well-known and widely used VPN vulnerabilities in 2020 and into the first part of 2023. We found an unexpected increase in the number of detections for CVE-2018-1379 at the beginning of January 2023. Although the number of detections dropped in later months, it remained significantly higher than at the same time the previous year. CVE-2018-1379 is a flaw in the Fortinet VPN product that allows unauthenticated users to download system files using specially crafted HTTP resource requests.
CVE-2019-197781 is a clear illustration of how attackers use the window before a patch is applied to exploit a flaw.
The Citrix NetScaler Application Delivery Controller (ADC) flaw is believed to have been among the most frequently exploited vulnerabilities of 2020. ADC is a load-balancing application for web, application, and database servers that is used across the United States. Unpatched devices are susceptible to RCE and to failure of the entire system, because inadequate access controls allow directory traversal.
CVE-2019-197781 was disclosed in the last quarter of the year and shortly afterwards was targeted by numerous exploits. The exploit attempts were distributed across a variety of countries, including the United States, Colombia, Argentina, and Switzerland. The attacks abated during the first half of 2023, with under 7,000 attacks detected by Trend Micro Intrusion Prevention System (IPS) solutions.
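For the path and directory traversal flaws described above (crafted HTTP requests against the Fortinet VPN, directory traversal on Citrix ADC), a defender can scan gateway access logs for dot-dot segments, including encoded ones. Browsers resolve such segments before sending a request, so any that reach the server log deserve a look. This is an added example, not code from CISA or Trend Micro; the log lines, the /portal paths and the verdict labels are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (hypothetical /portal paths, documentation IPs).
SAMPLE_LOG = r'''
203.0.113.10 - - [12/Jan/2021:10:01:02 +0000] "GET /portal/login HTTP/1.1" 200 512
203.0.113.11 - - [12/Jan/2021:10:01:05 +0000] "GET /portal/../../etc/passwd HTTP/1.1" 200 1843
203.0.113.12 - - [12/Jan/2021:10:01:09 +0000] "GET /portal/%2e%2e/%2e%2e/conf/users.db HTTP/1.1" 403 0
203.0.113.13 - - [12/Jan/2021:10:01:11 +0000] "GET /portal/%252e%252e%252fdocs/help.html HTTP/1.1" 200 900
203.0.113.14 - - [12/Jan/2021:10:01:20 +0000] "GET /portal/file?name=..\..\boot.ini HTTP/1.1" 200 77
'''
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def decode(text):
    # Percent-decode three times to catch double encoding, then unify slashes.
    for _ in range(3):
        text = unquote(text)
    return text.replace("\\", "/")

def escapes_root(path):
    # True if dot-dot segments climb above the web root at any point.
    depth = 0
    for seg in path.split("/"):
        if seg not in ("", "."):
            depth += -1 if seg == ".." else 1
        if depth < 0:
            return True
    return False

def classify(target):
    # Hypothetical verdict labels; returns None when no dot-dot segment is found.
    parts = urlsplit(target)
    path, query = decode(parts.path), decode(parts.query)
    if escapes_root(path):
        return "escapes-root"
    if ".." in path.split("/"):
        return "dot-dot-in-path"
    if ".." in re.split(r"[/=&;]", query):
        return "dot-dot-in-query"

def analyze(log_text):
    # Return (client, verdict, status) for every flagged request line.
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        verdict = classify(m.group(2)) if m else None
        if verdict:
            findings.append((m.group(1), verdict, int(m.group(3))))
    return findings
```

Flagged requests that were answered with a 2xx status are the ones to review first, since the server may have returned the requested file.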
Old Vulnerabilities, Longtime Favorites
While new faces are emerging, some old vulnerabilities are still popular among attackers. CVE-2017-11882, CVE-2018-7600, and the CVE-2019- are on the list of the top 10 vulnerabilities in the “Most Exploited Vulnerabilities 2016-2019”, and they also made the top 10 for 2020.
For instance, CVE-2017-11882, an issue related to Microsoft’s Object Linking and Embedding (OLE) technology, is an old favorite that has been associated with suspected cyber-attacks by state-sponsored hackers from China, Iran, North Korea, and Russia. This is not only because Microsoft Office is used in all parts of the world, but also because the majority of people don’t regularly update Office with the latest patches. This leads to RCE on vulnerable systems. Although the number of exploits in the first quarter of 2023 is considerably lower than at its peak in 2019, it is still a vulnerability with a high patch priority.
CVE-2018-7600 has been the subject of constant threats up to 2023. This vulnerability is present in the open-source CMS Drupal, and the weakness is present across numerous Drupal forms. Hackers can exploit it to run arbitrary code or take over servers. While exploits have decreased from the prior peak in 2019 and 2020, Trend Micro still detected more than 1.26 million exploits during the first half of 2023. The victims were located in Europe, the United States, Germany, and Canada.