:strip_exif()/i/1149088707.gif?fit=%2C&ssl=1)
Vulnerabilities in VPN and work-from-home services have been the most attacked of all known bugs in the past year and a half, several government security authorities say. These include bugs in Citrix and in the Pulse and Fortinet VPNs.
The data was released by the US Cybersecurity and Infrastructure Security Agency or CISA, and comes from various authorities such as the FBI and the national cybersecurity centers of Australia and the United Kingdom. The agency has compiled a list of the 12 vulnerabilities most attacked by criminals since early 2020.
It concerns bugs in Citrix, among others, which were also used last year many Dutch companies and government institutions suffered from. Also two vulnerabilities in VPN services Pulse Secure and Fortigate were frequently attacked. Other popular targets, in addition to Windows, were vulnerabilities in Atlassian and Netlogon.
In most cases, these were serious vulnerabilities that could cause a lot of damage. In eight cases it concerned a remote code execution, and in two cases to a local privilege escalation. Also were a path traversal possible, and a arbitrary file reading.
The CISA says that since the start of the corona pandemic, criminals have increasingly focused on software that works from a distance. According to the agency, the crisis put increasing pressure on system administrators and defenders to be able to patch in time. Because criminals still target existing vulnerabilities, it remains easy for them to attack systems, according to the CISA. Their use of known vulnerabilities makes attribution more difficult, lowers costs and risks because they don’t have to invest in developing zero-day exploits that only they can use.
According to the agency, many companies are still vulnerable. The list is therefore intended as a warning. System administrators should use it to “fix the most common vulnerabilities,” according to the CISA.
–
