Cybersecurity Advisory: Top Exploited Vulnerabilities To Be Aware Of

It’s no secret that cybercrime is on the rise—both here in the United States and around the world. Studies showed that Americans lost over $4.1 billion to cybercrimes in 2020. But hold onto your hats—this staggering statistic pales in comparison to what experts think is coming next.

According to recent reports like the one from Cybersecurity Ventures, global cybercrime will cost the world over $10.5 trillion annually by 2025. This industry will be more profitable than the worldwide trade of all major drugs combined. Yes, you read that right… more lucrative than global drug trafficking! Do we have your attention yet?

Cybercriminals can be described in many different ways: sneaky, cunning, shrewd, and maleficent are a few words that first come to mind. But the quintessential characteristic of any modern-day cyber attacker is persistence. Cyber actors look to capitalize on exterior loopholes, discover flaws in software, and compromise legacy systems. As you can probably tell, they’ll do almost anything to exploit and wreak havoc on your business.

Why Hackers Love Procrastination—And What You Can Do to Fight It

Interested in more effectively protecting your organization from external attacks? Take a look at the latest Joint Cybersecurity Advisory, published by agencies from around the world, which sheds light on the top routinely exploited common vulnerabilities and exposures (CVEs) in 2020. Here are some of our most important findings from the report.

Impact of remote work

In 2020, four of the most targeted vulnerabilities affected either remote work, VPNs, or cloud-based technologies. As employees began working from the confines of their homes during the pandemic, an immense strain was placed on IT departments to support and expand perimeter cybersecurity measures. Because staff were overburdened and overworked, there was an initial struggle to establish proper safety protocols that would keep employees out of harm’s way. As such, cybercriminals targeted these vulnerabilities. Products from vendors like Citrix, Pulse, Fortinet, and F5 (BIG-IP) accounted for some of the most regularly exploited CVEs in cybercrimes last year.

Continued perimeter threats

New year, new approach from cybercriminals? Not so fast. According to the report, hackers continued to target vulnerabilities in perimeter-type devices in 2021. Some of the vendors whose products have been most heavily exploited are Microsoft, Pulse, Accellion, VMware, and Fortinet. These organizations have been forced to undergo significant remediation periods to mitigate the damage from these attacks and reduce any further chance of exploitation. Patching the CVEs that were in the crosshairs of cybercriminals should be a considerable priority.

Need for multi-factor authentication

A common exploitation method for cyber attackers is targeting weak authentication processes on external-facing devices. To provide ample security, organizations must seriously consider implementing multi-factor authentication so that their employees can safely access networks from external sources. By adding an extra layer of security to your normal log-in process, your organization can more effectively keep hackers and scammers at bay.

Staying cyber-safe in the future

A general rule of thumb for companies to mitigate their external vulnerabilities: update your programs and software when vendor-approved patches become available. These fixes are often released to repair CVEs that had been exploited. Explore controllable automatic software updates, if available, so that you do not neglect to download the patches that will keep your organization secure.

Interested in learning how you can enhance your cybersecurity measures and keep your company out of harm’s way from cybercriminals? Check out these steps to ensure you are shielded from a cyberattack.

Discover more about Lume’s complete suite of cybersecurity services here.

This blog was written by Michael Hensley, Lume’s Director of Professional Services.