In today’s threat landscape, a wide array of cyber attacks is a given. Cybersecurity professionals have moved beyond antiquated measures built around “if an attack will happen” and toward levels of preparedness centered on “when an attack will happen.” Sophisticated attackers are too numerous and too determined to be disrupted by perimeter defenses alone.
It should come as no surprise that cybersecurity and the global threat landscape continue to evolve at a rapid rate. Taking the minimum amount of security precautions is not enough, and defenders must be well-equipped to handle constant change. It is of utmost importance that security teams continually strategize about additional ways to defend against new security vulnerabilities, attack trends and cyber risks on the horizon.
Threat Landscape Top Vulnerabilities
In the first half of 2021, ZeroFox tracked vulnerability chatter across social media platforms, cybercriminal underground networks and covert communication channels to better understand the significance of sharing vulnerability data between researchers and threat actors. From April to June 2021, on Twitter, there were approximately 119,422 unique Common Vulnerabilities and Exposures (CVE) references across 10,920 vulnerabilities. Many of these vulnerability mentions are automated and track various CVE sources for newly assigned vulnerabilities, like MITRE’s @CVEnew account. Most of these mentions are from the security research community, as well as news sources. Figure 1 shows the Top 10 most-discussed CVEs in this timeframe, while Figure 2 highlights the normalized volume of the same CVEs on a weekly basis captured by ZeroFox Threat Research.
Figure 2 shows an interesting trend regarding the dominance of the Top 10 vulnerabilities in social media conversations as the disclosure, patch and news cycles progress week by week. As an example, the week of April 2, 2021, is the only week this quarter when a Top 10 vulnerability (CVE-2018-13379) accounted for 100 percent of the conversation. CVE-2018-13379 was a path traversal vulnerability that affected FortiOS in FortiGate VPN servers. In that same week, Kaspersky published a blog detailing threat actors who exploited a number of FortiGate VPN servers and then deployed the Cring ransomware strain on victims. Two weeks later, the US government released an advisory detailing the use of this vulnerability by the Russian Foreign Intelligence Service, or APT 29, to break into systems. To show the efficacy of the news cycle surrounding vulnerabilities, ZeroFox Threat Research plotted each top vulnerability in Figure 3 with information on the week it “dominated” the conversation. The table also specifies the platform, actor information and the subsequent vulnerability that dethroned the current vulnerability.
At the time of this publication, CVE-2018-13379, CVE-28310 and CVE-2021-22893 were the only three vulnerabilities in the Top 10 most-engaged vulnerabilities that had reported actor usage. When searching for news related to these vulnerabilities, most of the reported research discussed the use of these vulnerabilities in a real-world attack. None of the vulnerabilities afterward had in-the-wild exploitation, but most of the news stories, blog posts and code-sharing repositories shared scanning scripts and proof-of-concept (PoC) exploit code.
The ZeroFox Quarterly Threat Landscape Report
The vulnerabilities referenced above are just a few of the many that the Threat Research Team has detailed in our latest quarterly threat landscape report. Our team is committed to helping others join the battle by offering innovative solutions as well as timely and actionable information.
Report findings provide relevant information for both technical and non-technical readers. The report pulls from the collective intelligence of our highly skilled team, a vast array of data points and analysis of daily events observed at a global scale. This provides both situational awareness of the threat landscape as well as a broad view of the public attack surface, driving informed and actionable next steps in adapting your security posture where needed.
In our quarterly reports, the ZeroFox Threat Research team reviews threat trends and evolving risks; top vulnerabilities and exploits; industry-specific risks and considerations; as well as predictions and recommendations. Download the latest release and ensure you are aligned and prepared for what’s to come.