Have you ever wondered which vulnerabilities threat actors exploit the most? The answers can be found in a joint Cybersecurity Advisory (CSA) coauthored by the cybersecurity authorities of the United States (CISA), Australia (ACSC), Canada (CCCS), New Zealand (NZ NCSC), and the United Kingdom (NCSC-UK), plus the U.S. National Security Agency (NSA) and Federal Bureau of Investigation (FBI). The alert, AA22-117A, provides details on the Top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other frequently exploited CVEs.
Unsurprisingly, the usual suspects such as Log4Shell and the different flavors of ProxyShell (CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207) and ProxyLogon (CVE-2021-27065, CVE-2021-26858, CVE-2021-26857, CVE-2021-26855) are very well positioned in this unwelcome chart. More generally, opportunistic and state-sponsored threat actors were still very busy over the course of 2021, exploiting virtually any possible vulnerability in internet-facing services.
Top 15 Routinely Exploited Vulnerabilities in 2021 (from AA22-117A)