The cybersecurity authorities of the Five Eyes alliance, which includes the United States, Australia, Canada, New Zealand, and the United Kingdom, in collaboration with the FBI, CISA, and NSA, have released a list of the 12 most exploited security vulnerabilities of 2022. They are urging organizations worldwide to address these security flaws and establish patch management systems to reduce their susceptibility to potential cyberattacks.
In 2022, cyber threat actors shifted their focus to exploiting outdated software vulnerabilities rather than recently disclosed ones. The primary targets were systems that were left unpatched and exposed on the internet. The joint advisory statement read, "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems." The advisory also noted that proof of concept (PoC) code was publicly available for many of these vulnerabilities, likely making it easier for a wider range of malicious cyber actors to exploit them.
Although the Common Vulnerabilities and Exposures (CVE) Program published over 25,000 new security vulnerabilities by the end of 2022, only five of those 2022 disclosures appeared in the list of the 12 most exploited flaws. The most exploited security vulnerability was CVE-2018-13379, a Fortinet SSL VPN vulnerability patched in May 2019, which was exploited by state-sponsored hackers to breach U.S. government election support systems.
To safeguard their systems and lower the risk of a breach, the agencies involved in authoring the advisory urged vendors, designers, developers, and end-user organizations to implement the mitigation measures outlined in the advisory. MITRE also revealed a list of the 25 most prevalent and dangerous software weaknesses that have persisted over the last two years. Additionally, CISA and the FBI released a list of the top 10 most exploited security flaws between 2016 and 2019.
Neal Ziring, the Technical Director for NSA's Cybersecurity Directorate, warned, "Organizations continue using unpatched software and systems, leaving easily discovered openings for cyber actors to target. Older vulnerabilities can provide low-cost and high-impact means for these actors to access sensitive data."