{"id":7563,"date":"2021-01-21T20:52:29","date_gmt":"2021-01-22T03:52:29","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7563"},"modified":"2023-04-05T12:41:19","modified_gmt":"2023-04-05T19:41:19","slug":"could-googles-most-searched-top-10-vulnerabilities-in-2020-be-key-attack-indicators","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/could-googles-most-searched-top-10-vulnerabilities-in-2020-be-key-attack-indicators\/","title":{"rendered":"Could Google\u2019s Most Searched Top 10 Vulnerabilities in 2020 be Key Attack Indicators?"},"content":{"rendered":"<blockquote>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">We analyzed ten vulnerabilities (discovered in 2020) that had a high search volume on google and here is what we found &#8211;<\/span><\/span><\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">CVE-2020-10189 &#8211; a RCE vulnerability in Zoho\u2019s Manage Engine Desktop Central is being exploited by APT41.\u00a0<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">CVE-2020-0688 &#8211; a RCE vulnerability in Microsoft Exchange Server was exploited in March by APT group <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/us-think-tank-breached-three-times-in-a-row-by-solarwinds-hackers\/\">Dark Halo<\/a>. They used this weakness to bypass multi-factor authentication defenses against unauthorized email access, making it easy for them to log in to SolarWinds\u2019 trojanized update.\u00a0<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<\/blockquote>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">2020 was a productive year for threat actors. The world\u2019s workforce is working remotely while dealing with the pandemic and threat actors were busy weaponizing critical vulnerabilities that had a global impact. Many organizations fell prey to ransomware and sophisticated cyber attacks that allowed remote and privileged access to sensitive information.\u00a0<\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">CSW analysts examined the recent vulnerabilities (discovered in 2020) with high search volume in Google and found ten weaknesses (<a href=\"#Table\">Click here to view the table<\/a>). <\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">We sought to find out why these vulnerabilities were searched and here are our insights &#8211;<\/span><\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-size: 18px;\"><strong><span style=\"font-family: verdana,geneva,sans-serif;\">The average weaponization rate\u00a0<\/span><\/strong><\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">While the average weaponization rate in 2020 is more than 45 days, four CVE\u2019s CVE-2020-10189, CVE-2020-9484, CVE-2020-1147 and CVE-2020-0688 got weaponized under 20 days of their discovery!<\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">While we are happy to share this insight it also begs the question as to how organizations can defend themselves without a sophisticated RBVM that would provide them this kind of dynamic trending analytics.<\/span><\/span><\/p>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 600px; height: 518px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/blogs\/top-10-trending-2020-vulnerabilities-infographic1.png\" alt=\"\" \/><\/p>\n<h3 dir=\"ltr\"><span style=\"font-size: 18px;\"><strong><span style=\"font-family: verdana,geneva,sans-serif;\">Two vulnerabilities exploited by APT Groups &amp; Ransomwares\u00a0<\/span><\/strong><\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">We also found that a vulnerability (CVE-2020-10189) in Zoho\u2019s Cloud Desktop Central is being exploited by APT-41 &#8211;\u00a0 a Chinese APT group known for using Maze ransomware as their arsenal. Hackers have been selling access to networks that use this Remote Monitoring Management application for <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-sell-access-to-your-network-via-remote-management-apps\/\">$100,000 in the dark web<\/a>.<\/span><\/span><\/p>\n<p><span style=\"font-size: 16px;\"><span style=\"font-family: verdana, geneva, sans-serif;\">CVE-2020-0688 &#8211; a Microsoft Exchange Server vulnerability is being used by two ransomwares (Egregor, and Thanos). *Discovered in February 2020, an exploit became available for this vulnerability in March and within the same month it started trending.\u00a0<\/span><\/span><\/p>\n<p><span style=\"font-size: 12px;\"><span style=\"font-family: verdana, geneva, sans-serif;\"><strong>Note<\/strong>: *Based on the trending charts from our RBVM platform (RiskSense) that draws data from hacker forums and advanced vulnerability analytics.<\/span><\/span><\/p>\n<p><span style=\"font-size: 16px;\"><span style=\"font-family: verdana, geneva, sans-serif;\">This vulnerability was used by APT Group Dark Halo to bypass multi-factor authentication defenses against unauthorized email access making it easy for them to login to SolarWinds trojanized update. <\/span><a style=\"font-family: verdana, geneva, sans-serif;\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/us-think-tank-breached-three-times-in-a-row-by-solarwinds-hackers\/\">Dark Halo is suspected to have attacked SolarWinds three times between late 2019 and July 2020.<\/a><\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-size: 18px;\"><strong><span style=\"font-family: verdana,geneva,sans-serif;\">Common Weaknesses that caused these vulnerabilities\u00a0<\/span><\/strong><\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">The products that are weakened by these vulnerabilities are Microsoft Exchange Server, Windows (10, 8, 7) &amp; Windows server (2019, 2016, 2008, 2012), Oracle\u2019s Fusion Middleware, Weblogic Server, Zoho\u2019s Manage Engine Desktop Central, Apache\u2019s Tomcat and CISCO\u2019s Ios xr.<\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">When we analyzed the CWE (common weakness enumeration) we found the following &#8211; CWE-835 (Infinite Loop), CWE-269 (Improper Privilege Management), CWE-20 (Improper Input Validation), CWE-134 (Use of Externally-Controlled Format String), and CWE-502 (Deserialization of Untrusted Data). Out of three vulnerabilities categorized under CWE-502 two are being used by APT groups and ransomware.\u00a0<\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">This calls to question the secure coding practices that developers need to adopt. They should avoid these weaknesses even while they write the code to avoid shipping products that are vulnerable to serious cyber attacks.<\/span><\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-size: 18px;\"><strong><span style=\"font-family: verdana,geneva,sans-serif;\">Analysis of Top 3 Vulnerability Scanners<\/span><\/strong><\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">The good news is that popular scanners such as Tenable, Nexpose, and Qualys can detect these vulnerabilities. However, Nexpose doesn\u2019t detect these two vulnerabilities &#8211; CVE-2020-2555 and CVE-2020-3118.<\/span><\/span><\/p>\n<h4 dir=\"ltr\"><a id=\"Table\" name=\"Table\"><\/a>Google&#8217;s 2020 Top 10 Vulnerabilities<\/h4>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrTsEAAKKwrm1Q5g?backgroundColor=blue&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/span><\/p>\n<h4 dir=\"ltr\"><span style=\"font-size: 18px;\"><strong><span style=\"font-family: verdana,geneva,sans-serif;\">The way forward<\/span><\/strong><\/span><\/h4>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">The pace at which threat actors seem to weaponize and exploit newly minted vulnerabilities is downright alarming. With seven out of ten vulnerabilities having RCE\/PE capability prioritizing these weaknesses for patching becomes a priority.\u00a0<\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">These trends are a strong indication for organizations to start looking at their attack surface and find ways to defend them from threat actors.\u00a0<\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Year after year, we are looking at products with more vulnerabilities that threat actors are more than happy to use. One of the many solutions that could help organizations is accurate dynamic data that provides information about vulnerabilities and their threat context. We need trend watchers based on machine learning that can compute this dynamic data and provide organizations with predictive trends about vulnerabilities that could be exploited &#8212; even before it manifests. Working in tandem with this, a Shift Left solution that would help developers test and correct the weaknesses in their products before it goes to market.\u00a0<\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>2020 was a productive year for threat actors. With the world\u2019s workforce working remotely while dealing with the pandemic, threat actors were busy weaponizing critical vulnerabilities that had a global impact. Many organizations fell prey to ransomware and sophisticated cyber attacks that allowed remote and privileged access to sensitive information.<\/p>\n","protected":false},"author":1,"featured_media":13484,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[82,80,123],"tags":[107,349,414,409,413,91,241,412],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7563"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=7563"}],"version-history":[{"count":4,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7563\/revisions"}],"predecessor-version":[{"id":14367,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7563\/revisions\/14367"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/13484"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=7563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=7563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=7563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}