2022-04-28
Five Eyes List Most Exploited Vulnerabilities
The Five Eyes countries – Australia, New Zealand, Canada, the UK, and the US – have published a list of the top 15 most routinely exploited vulnerabilities in 2021. The list includes the Log4Shell vulnerability and the ProxyShell and ProxyLogon vulnerabilities.
Editor's Note
Note the dominance of Microsoft Exchange. Currently, one of the most impactful security initiatives may be to move away from Exchange or at least substantially reduce its exposure.

Johannes Ullrich
The report points out that the majority of the top 15 CVEs were exploited within two weeks of disclosure – monthly patching is not fast enough. The Atlassian exploitation rate jumped to near the top after a proof-of-concept exploit was released – reports of PoC attack code should be triggers for immediate action. The Mitigations section has action recommendations specific to the top vulnerabilities.

John Pescatore
Life moves pretty fast these days, and there isn't a lot of time to contemplate what to remediate. Key off of vulnerabilities being actively exploited and PoCs being available. Consider requiring that critical vulnerabilities be addressed in 7-10 days. Don't accept workarounds as permanent fixes: require a timeline for deploying the complete fix, with appropriate consequences for failure to execute, then follow up. Make sure that you're subscribed to the CISA alerts, in addition to your other threat feeds; CISA has recently upgraded their mailing list and supporting processes.

Lee Neely
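The two comments above amount to a remediation policy: exploitation or a public PoC triggers immediate action, criticals get a 7-10 day window, and a workaround is only acceptable with a dated plan for the full fix. The following is an added example (not from the newsletter or any of the editors) that encodes those rules as a triage check over a constructed vulnerability inventory; the exact day counts in SLA_DAYS and the placeholder CVE ids are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Day counts are assumptions for this example, loosely following the comments
# above: "immediate action" on PoC/exploitation, 7-10 days for criticals,
# and a monthly cycle (which the report says is too slow for the top CVEs).
SLA_DAYS = {"exploited_or_poc": 2, "critical": 10, "default": 30}

@dataclass
class Vuln:
    cve: str
    disclosed: date
    severity: str                        # "critical", "high", "medium", ...
    actively_exploited: bool = False     # e.g. named in a CISA alert
    poc_public: bool = False
    workaround_applied: bool = False
    fix_deadline: Optional[date] = None  # dated plan to deploy the complete fix
    fixed: bool = False

def remediation_deadline(v: Vuln) -> Tuple[date, str]:
    """Return the deadline and the rule that set it; strictest rule wins."""
    if v.actively_exploited or v.poc_public:
        return v.disclosed + timedelta(days=SLA_DAYS["exploited_or_poc"]), "exploited/PoC"
    if v.severity == "critical":
        return v.disclosed + timedelta(days=SLA_DAYS["critical"]), "critical"
    return v.disclosed + timedelta(days=SLA_DAYS["default"]), "default"

def triage(vulns: List[Vuln], today: date) -> List[Tuple[str, str]]:
    """List (cve, problem) for every open item that violates the policy."""
    findings = []
    for v in vulns:
        if v.fixed:
            continue
        deadline, rule = remediation_deadline(v)
        if today > deadline:
            findings.append((v.cve, f"overdue: {rule} deadline was {deadline}"))
        if v.workaround_applied and v.fix_deadline is None:
            findings.append((v.cve, "workaround in place, no dated plan for full fix"))
    return findings

# Constructed inventory; the CVE ids are placeholders, not real identifiers.
INVENTORY = [
    Vuln("CVE-PLACEHOLDER-1", date(2022, 4, 1), "critical", actively_exploited=True),
    Vuln("CVE-PLACEHOLDER-2", date(2022, 4, 20), "critical"),
    Vuln("CVE-PLACEHOLDER-3", date(2022, 4, 10), "high", workaround_applied=True),
    Vuln("CVE-PLACEHOLDER-4", date(2022, 4, 25), "high", poc_public=True, fixed=True),
]

if __name__ == "__main__":
    for cve, problem in triage(INVENTORY, date(2022, 4, 28)):
        print(cve, "-", problem)
```

Run against a real inventory, the same check can be fed from your ticketing export and the CISA alert feed to flag items whose window has already closed.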
This is good insight to push for much faster patching cycles for these products, migrate to newer platforms, or make architectural changes that lower the risk of these products being exploited. Unfortunately, if you have any of these vulnerabilities in your environment, they were most likely already exploited.

Jorge Orchilles
Read more in
CISA: Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities
The Register: Five Eyes nations reveal 2021's fifteen most-exploited flaws
SC Magazine: These 15 vulnerabilities were the most commonly exploited in 2021
ZDNet: Remote execution holes in Log4j, Exchange and Confluence lead Five Eyes 2021 exploited CVE list