Top 10 most exploited vulnerabilities from 2016 to 2019 as follows: CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-8759, CVE-2015-1641, and CVE-2018-7600.
Microsoft's Object Linking and Embedding (OLE) technology: allows documents to contain embedded content from other applications such as spreadsheets.
After OLE the second-most-reported vulnerable technology was a widespread Web framework known as Apache Struts.
The three vulnerabilities used most frequently across state-sponsored cyber actors from China, Iran, North Korea, and Russia are CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158 are related to Microsoft’s OLE technology.
As of December 2019, Chinese state cyber actors were frequently exploiting the same vulnerability—CVE-2012-0158.
Top 10 most exploited vulnerabilities from 2020 as follows:
- Virtual Private Network vulnerabilities under the target of malicious cyber attackers.
- An arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781, has been detected in exploits in the wild.
- An arbitrary file reading vulnerability in Pulse Secure VPN servers, known as CVE-2019-11510, continues to be an attractive target for malicious actors.
- March 2020 brought an abrupt shift to work-from-home that necessitated, for many organizations, rapid deployment of cloud collaboration services, such as Microsoft Office 365 (O365). Malicious cyber actors are targeting organizations whose hasty deployment of Microsoft O365 may have led to oversights in security configurations and vulnerable to attack.
- Cybersecurity weaknesses, poor employee education on social engineering attacks and a lack of system recovery and contingency plans—have continued to make organizations susceptible to ransomware attacks in 2020.
Mitigations for the Top 10 Most Exploited Vulnerabilities 2016–2019