Today’s Threat Landscape: Vulnerabilities and Exploits of 2021

In today’s threat landscape, a wide array of cyber attacks is a given. Cybersecurity professionals have moved beyond antiquated measures taken under the impression of “if an attack will happen” and into demanding levels of preparedness centered around “when an attack will happen.” Sophisticated attackers are too numerous and too determined to be stopped by perimeter defenses alone.

It should come as no surprise that cybersecurity and the global threat landscape continue to evolve at a rapid rate. Taking the minimum amount of security precautions is not enough, and defenders must be well-equipped to handle constant change. It is of utmost importance that security teams continually strategize about additional ways to defend against new security vulnerabilities, attack trends and cyber risks on the horizon.

Threat Landscape Top Vulnerabilities 

In the first half of 2021, ZeroFox tracked vulnerability chatter across social media platforms, cybercriminal underground networks and covert communication channels to better understand the significance of sharing vulnerability data between researchers and threat actors. From April to June 2021, on Twitter, there were approximately 119,422 unique Common Vulnerabilities and Exposures (CVE) references across 10,920 vulnerabilities. Many of these vulnerability mentions are automated and track various CVE sources for newly assigned vulnerabilities, like MITRE’s @CVEnew account. Most of these mentions are from the security research community, as well as news sources. Figure 1 shows the Top 10 most-discussed CVEs in this timeframe, while Figure 2 highlights the normalized volume of the same CVEs on a weekly basis captured by ZeroFox Threat Research.

Figure 1: Top 10 CVEs talked about on social media
Source: ZeroFox Threat Research
Figure 2: Top 10 CVEs, normalized by volume, throughout each week of the quarter
Source: ZeroFox Threat Research

Figure 2 shows an interesting trend regarding the dominance of the Top 10 vulnerabilities in social media conversations as the disclosure, patch and news cycles progress week by week. As an example, the week of April 2, 2021, is the only week this quarter when a Top 10 vulnerability (CVE-2018-13379) accounted for 100 percent of the conversation. CVE-2018-13379 was a path traversal vulnerability that affected FortiOS in FortiGate VPN servers. In that same week, Kaspersky published a blog detailing threat actors who exploited a number of FortiGate VPN servers and then deployed the Cring ransomware strain on victims. Two weeks later, the US government released an advisory detailing the use of this vulnerability by the Russian Foreign Intelligence Service, or APT 29, to break into systems. To show the efficacy of the news cycle surrounding vulnerabilities, ZeroFox Threat Research plotted each top vulnerability in Figure 3 with information on the week it “dominated” the conversation. The table also specifies the platform, actor information and the subsequent vulnerability that dethroned the current vulnerability.

Figure 3: Table of vulnerability chatter dominance on social media by week in Q2 2021
Source: ZeroFox Threat Research
Source: HIDDEN COBRA/North Korea Reference
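
For teams that want to reproduce this kind of weekly view from their own feeds, the following is an added example, not ZeroFox's code or methodology. It extracts CVE IDs from posts, computes each Top-N CVE's share of weekly mentions, and reports when the leading CVE changes. The sample posts are constructed, and the normalization (share within the week's Top-N mentions) and Monday-based week buckets are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import date, timedelta

# Well-formed IDs only; an ID with no year (e.g. "CVE-28310") is not counted.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Constructed sample posts (date, text); not real collection data.
POSTS = [
    (date(2021, 4, 1), "Cring ransomware operators hitting VPNs via CVE-2018-13379"),
    (date(2021, 4, 2), "Patch now: cve-2018-13379 is still being exploited"),
    (date(2021, 4, 14), "Advisory mentions CVE-2018-13379 and CVE-2021-22893"),
    (date(2021, 4, 15), "Scanner for CVE-2021-22893 published"),
    (date(2021, 4, 16), "CVE-2021-22893 CVE-2021-22893 repeated in one post"),
    (date(2021, 4, 16), "no identifiers here"),
]

def extract_cves(text):
    """Return the set of normalized CVE IDs in one post (deduplicated per post)."""
    return {f"CVE-{year}-{num}" for year, num in CVE_RE.findall(text)}

def week_start(d):
    """Bucket a date to the Monday of its week."""
    return d - timedelta(days=d.weekday())

def weekly_share(posts, top_n=10):
    """Per week, each Top-N CVE's share of that week's Top-N mentions."""
    totals, weekly = Counter(), defaultdict(Counter)
    for d, text in posts:
        for cve in extract_cves(text):
            totals[cve] += 1
            weekly[week_start(d)][cve] += 1
    top = {cve for cve, _ in totals.most_common(top_n)}
    shares = {}
    for wk, counts in sorted(weekly.items()):
        kept = {c: n for c, n in counts.items() if c in top}
        total = sum(kept.values())
        if total:
            shares[wk] = {c: n / total for c, n in kept.items()}
    return shares

def dominance(shares):
    """List (week, leading CVE, share) each time the weekly leader changes."""
    out, current = [], None
    for wk, s in shares.items():
        leader = max(sorted(s), key=s.get)  # ties broken by ID order
        if leader != current:
            out.append((wk, leader, round(s[leader], 2)))
            current = leader
    return out
```

Counting each CVE once per post keeps automated or repetitive posts from inflating a single identifier's share.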

At the time of this publication, CVE-2018-13379, CVE-28310 and CVE-2021-22893 were the only three vulnerabilities in the Top 10 most-engaged vulnerabilities that had reported actor usage. When searching for news related to these vulnerabilities, most of the reported research discussed the use of these vulnerabilities in a real-world attack. None of the vulnerabilities afterward had in-the-wild exploitation, but most of the news stories, blog posts and code-sharing repositories shared scanning scripts and proof-of-concept (PoC) exploit code.

The ZeroFox Quarterly Threat Landscape Report

The vulnerabilities referenced above are just some of the many that the Threat Research Team has detailed in our latest quarterly threat landscape report. Our team is committed to helping others join the battle by offering innovative solutions as well as timely and actionable information.

Report findings provide relevant information for both technical and non-technical readers. The report pulls from the collective intelligence of our highly skilled team, a vast array of data points and analysis of daily events observed at a global scale. This provides both situational awareness of the threat landscape as well as a broad view of the public attack surface, driving informed and actionable next steps in adapting your security posture where needed.

In our quarterly reports, the ZeroFox Threat Research team reviews threat trends and evolving risks; top vulnerabilities and exploits; industry-specific risks and considerations; as well as predictions and recommendations. Download the latest release and ensure you are aligned and prepared for what’s to come.
