The report showcases vulnerabilities in US cyberinfrastructure and the growing threat of cyber activity from various foreign actors.
According to a new report released by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), foreign cyber actors remain active in exploiting US IT infrastructure in both the public and private spheres. According to the report, these actors often exploit dated, publicly known vulnerabilities to threaten enterprises in the US. The report also highlights the most commonly exploited Common Vulnerabilities and Exposures (CVEs) to help enterprises combat cybercrime more effectively.
According to the agencies, the exploitation of dated infrastructure and software vulnerabilities tops the list, since it provides an easy target. Threats like zero-day exploits, on the other hand, currently do not have a security patch available.
The agencies urged enterprises to take a more proactive approach: increased efforts to patch systems and implement programs that keep systems up to date can reduce the damage to US interests. According to the report, a push by US enterprises to patch their systems would force foreign actors to move on to more costly resources and to less widely effective security threats. Such initiatives by US companies and organizations would also improve key infrastructure such as network security.
The agencies have identified the 10 key threats that are most commonly exploited. These threats were most active in the US during the period 2016-2019. In no particular order, they are CVE-2017-0199, CVE-2017-11882, CVE-2012-0158, CVE-2017-5638, CVE-2017-0143, CVE-2019-0604, CVE-2017-8759, CVE-2018-4878, CVE-2015-1641, and CVE-2018-7600.
The report also highlighted that foreign actors often focused on exploiting vulnerabilities in Microsoft's OLE technology. OLE, short for Object Linking and Embedding, allows documents to contain embedded content from other programs, such as spreadsheets. Additionally, Apache Struts emerged as the second-most targeted web framework.
The agencies reported that most threats to US cybersecurity came from countries like Russia, China, Iran, and North Korea. In December 2019, the agencies reported an increase in attacks from China, which they identified as the largest involvement of foreign cyber actors in recent times. Chinese actors often focused on the CVE-2012-0158 vulnerability, which the US government had warned enterprises about back in 2015. The agencies further highlighted the need for strong implementation of security patches and the increased threat of Chinese actors incorporating dated flaws into their operational tradecraft.
The agencies also highlighted the struggles security teams face in implementing security patches, which include the significant investment of effort required and the need to maintain interoperability and compatibility with other software. The report details some of the findings from an earlier report, which highlighted common vulnerabilities in Microsoft and Adobe Flash products, often key targets due to their widespread usage. The agencies also noted that organizations' rapid cloud deployment of key products like Microsoft Office without a security framework can result in significant security challenges for enterprises. The report called for enterprises to move away from end-of-life software to ensure maximum security.