The National Security Agency (NSA) published a list today of the top 25 vulnerabilities that are consistently being targeted by foreign threat actors. The plethora of publicly accessible systems running unpatched software means that threat actors do not need to finance the development or burn a zero day.
Please find below a comment from Satnam Narang, Staff Research Engineer at Tenable.
“If you’re experiencing déjà vu from the National Security Agency (NSA) advisory listing the top 25 vulnerabilities being leveraged by foreign threat actors, your feeling is warranted. Many of the vulnerabilities in the advisory align with similar alerts that have been published by the Cybersecurity and Infrastructure Security Agency (CISA) over the last year.
It’s unmistakably clear that unpatched vulnerabilities remain a valuable tool for cybercriminals and state-sponsored threat actors. With many of the vulnerabilities listed in the advisory residing in remote access tools or external web services, it is extremely critical for organisations to prioritise patching these vulnerabilities.
As CISA noted in their Top 10 Routinely Exploited Vulnerabilities alert from earlier this year, threat actors do not need to finance the development of or acquire zero day vulnerabilities so long as there are a plethora of publicly accessible systems running unpatched software. This is further compounded by the availability of proof of concept code and exploit scripts that threat actors can easily co-opt as part of their own attacks, as we have seen in the case of the Copy Paste Compromises attacks reported by the Australian Cyber Security Centre.”