One of the biggest challenges for cyber security teams is building a good vulnerability management policy, since it is practically impossible to patch every vulnerability out there. Cognyte scoured the Deep and Dark Web to discover the most popular CVEs among threat actors during the last year. We are pleased to introduce our new CVE report to help you better prioritize vulnerability management.
Finding focus in vulnerability management
Preventing a zero-day attack is crucial for cyber security teams, but according to Gartner, “the top issue in vulnerability management is that organizations aren’t prioritizing their patching and compensating controls to align to vulnerabilities targeted by threat actors.” The advisory finds that although breaches are increasing, only a small set of vulnerabilities is actually being exploited. The key for cybersecurity teams is finding the most commonly exploited vulnerabilities. But how can you find them?
Making the right CVE list
Identifying which CVEs will be the biggest threats in the future is daunting. It isn’t only a matter of cataloguing past cyber-attacks. The goal is to get into the minds of dark actors: to observe their forums, hear what they are saying and learn their plans. In doing this, we are able to identify which CVEs have the most buzz – and what kind of plans cyber-criminals have for them.
In our research we dove deep, searching forums all over the globe. We found over a thousand CVEs. Here is the raw data we started with:
- 15 different Deep and Dark Web forums in English, Russian, Turkish, Chinese and Spanish were examined for this report (more than half were Russian-speaking forums).
- 1,267 different CVEs were mentioned in posts published on these platforms between January 01, 2020 and March 01, 2021.
- 56.3% of the 1,267 CVEs were disclosed in 2020 and 17.3% of them were disclosed in 2019.
The raw data was a good starting point, but our goal isn’t to tell security teams that there are hundreds of exploits. Our report delivers actionable insights as to which CVEs are the biggest threats, and how they will be exploited.
Our first conclusion from analysing the research findings was that a CVE’s popularity can be measured both by the number of posts published about it and by the engagement those posts received. Popular CVEs were widely distributed across multiple forums and languages.
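As an added illustration (not code from the report or from Cognyte), here is how the ranking just described can be computed over a set of forum posts: post count with engagement as tie-breaker, distribution as the number of distinct forums, and the top CVE per forum language. The posts, forum names and reply counts are constructed sample data, not figures from the report.

```python
import re
from collections import Counter, defaultdict
# Constructed sample posts (illustrative only, not data from the report).
POSTS = [
    {"forum": "ru-forum-1", "lang": "ru", "replies": 14, "text": "Looking for a reliable PoC for CVE-2019-19781 (Citrix ADC)"},
    {"forum": "ru-forum-2", "lang": "ru", "replies": 6,  "text": "CVE-2019-19781 again, also interested in CVE-2020-0796"},
    {"forum": "ru-forum-1", "lang": "ru", "replies": 3,  "text": "cve-2019-19781 scanner updated"},
    {"forum": "en-forum-1", "lang": "en", "replies": 9,  "text": "Exchange CVE-2020-0688 write-up"},
    {"forum": "en-forum-1", "lang": "en", "replies": 3,  "text": "Ported the CVE-2019-19781 checker to Go"},
    {"forum": "en-forum-2", "lang": "en", "replies": 0,  "text": "CVE-2017-11882 still lands in phishing"},
    {"forum": "en-forum-2", "lang": "en", "replies": 4,  "text": "Re: CVE-2020-0688 - patched hosts fail as expected"},
    {"forum": "zh-forum-1", "lang": "zh", "replies": 20, "text": "SMBGhost CVE-2020-0796 analysis"},
    {"forum": "zh-forum-2", "lang": "zh", "replies": 5,  "text": "CVE-2020-0796 crash repro"},
    {"forum": "zh-forum-1", "lang": "zh", "replies": 2,  "text": "CVE-2017-11882 samples"},
    {"forum": "tr-forum-1", "lang": "tr", "replies": 1,  "text": "Old but gold: CVE-2017-11882"},
    {"forum": "es-forum-1", "lang": "es", "replies": 0,  "text": "CVE-2017-11882 and CVE-2012-0158 samples"},
]
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.IGNORECASE)

def cves_in(text):
    # A post mentioning the same CVE twice counts once; normalise case.
    return {m.upper() for m in CVE_RE.findall(text)}

def collect_stats(posts):
    """Per CVE: post count, summed engagement (replies) and the set of distinct forums."""
    stats = defaultdict(lambda: {"posts": 0, "engagement": 0, "forums": set()})
    for p in posts:
        for cve in cves_in(p["text"]):
            s = stats[cve]
            s["posts"] += 1
            s["engagement"] += p["replies"]
            s["forums"].add(p["forum"])
    return stats

def top_by_posts(stats, n=3):
    """Most-discussed CVEs: post count first, engagement breaks ties."""
    return sorted(stats, key=lambda c: (stats[c]["posts"], stats[c]["engagement"]), reverse=True)[:n]

def top_by_distribution(stats, n=3):
    """Widest-spread CVEs: number of distinct forums first, post count breaks ties."""
    return sorted(stats, key=lambda c: (len(stats[c]["forums"]), stats[c]["posts"]), reverse=True)[:n]

def top_per_language(posts):
    """Most-mentioned CVE on each language's forums (ties broken alphabetically)."""
    counts = defaultdict(Counter)
    for p in posts:
        for cve in cves_in(p["text"]):
            counts[p["lang"]][cve] += 1
    return {lang: min(c, key=lambda x: (-c[x], x)) for lang, c in counts.items()}
```

On the sample data, CVE-2019-19781 and CVE-2017-11882 tie on post count and the tie is broken by engagement, while CVE-2017-11882 leads on distribution because it appears in the most distinct forums.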
Here’s a taste of a few of the most popular CVEs we found:
- CVE-2020-0796 (aka SMBGhost, CVSS:10) received the highest number of posts among the CVEs examined.
- CVE-2017-11882, a Microsoft Office Memory Corruption Vulnerability (CVSS:7.8), was mentioned in the highest number of forums, meaning it had the widest distribution across discussions on the examined platforms.
- The top mentioned CVE on Russian-speaking forums was CVE-2019-19781, a flaw in Citrix Application Delivery Controller (ADC) and Gateway (CVSS:9.8).
- On Chinese-speaking forums the top mentioned CVE was CVE-2020-0796.
- On English-speaking forums two CVEs received the highest number of posts: CVE-2020-0688, a flaw in Microsoft Exchange (CVSS:8.8), and CVE-2019-19781, the flaw that was also the most frequently mentioned CVE on Russian forums.
- One of the “top ten CVEs” by number of forums (the distribution parameter) is CVE-2012-0158, a vulnerability in Microsoft Office (CVSS:9.3). This flaw was exploited by threat actors during the COVID-19 outbreak in 2020. The fact that threat actors still use it clearly shows that organizations are not patching their systems and are not maintaining a resilient security posture.
Do you want to improve your team’s vulnerability management?
Download the full report to get insights into the most popular CVEs and how they are used.