2023 Top Routinely Exploited Vulnerabilities

Need Help?

The functionality discussed in this post, and so much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html

Intro

The FBI, the NSA, and Five Eyes cybersecurity authorities have released a list of the top 15 routinely exploited vulnerabilities throughout last year, most of them first abused as zero-days.

A joint advisory calls for organisations worldwide to immediately patch these security flaws and deploy patch management systems to minimise their networks’ exposure to potential attacks.

This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs).
Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organisations to implement the recommendations (later in this article), and those found within the Mitigations section of the advisory, to reduce the risk of compromise by malicious cyber actors.

Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

Complete list of last year’s most exploited vulnerabilities

Cybersecurity Efforts to Include

  • Implementing security-centered product development lifecycles: Software developers deploying patches to fix software vulnerabilities is often a lengthy and expensive process, particularly for zero-days. The use of more robust testing environments and implementing threat modeling throughout the product development lifecycle will likely reduce overall product vulnerabilities.
  • Increasing incentives for responsible vulnerability disclosure: Global efforts to reduce barriers to responsible vulnerability disclosure could restrict the utility of zero-day exploits used by malicious cyber actors.
  • Using sophisticated endpoint detection and response (EDR) tools: End users leveraging EDR solutions may improve the detection rate of zero-day exploits. Most zero-day exploits, including at least three of the top 15 vulnerabilities from last year, have been discovered when an end user or EDR system reports suspicious activity or unusual device malfunctions.

Recommended mitigations for End-User Organisations

The authoring agencies recommend end-user organisations implement the mitigations below to improve their cybersecurity posture based on threat actors’ activity.

These mitigations align with the cross-sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement.

CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures.

Vulnerability and Configuration Management

Update software, operating systems, applications, and firmware on IT network assets in a timely manner.

  • Prioritise patching KEVs, especially those CVEs identified in this advisory, then critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment.
  • If a patch for a KEV or critical vulnerability cannot be quickly applied, implement vendor-approved workarounds.
  • Replace end-of-life software (i.e., software no longer supported by the vendor).
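The prioritisation order above (advisory CVEs and other KEVs first, then critical/high RCE or DoS on internet-facing hosts, with end-of-life software routed to replacement rather than patching) as an added Python example; this is not code from the advisory or from SOCFortress. The KEV catalog subset, the `ADVISORY_CVES` set, the CVE IDs and the scan findings are all constructed placeholders.

```python
from dataclasses import dataclass

# Constructed sample in the shape of the CISA KEV catalog JSON feed
# ("vulnerabilities" list with "cveID"/"dueDate" keys); the CVE IDs are
# placeholders, not real catalog entries.
KEV_CATALOG = {"vulnerabilities": [
    {"cveID": "CVE-0000-1111", "dueDate": "2024-01-15"},
    {"cveID": "CVE-0000-2222", "dueDate": "2024-02-01"},
]}
# CVEs named in the advisory itself (placeholder IDs).
ADVISORY_CVES = {"CVE-0000-1111"}

@dataclass
class Finding:
    host: str
    cve: str
    cvss: float
    impact: str            # "rce", "dos" or "other"
    internet_facing: bool
    eol: bool = False      # product no longer supported by the vendor

def tier(f: Finding, kev_ids: set) -> int:
    """0: CVE named in the advisory; 1: any other KEV; 2: critical/high
    RCE or DoS on an internet-facing host; 3: everything else."""
    if f.cve in ADVISORY_CVES:
        return 0
    if f.cve in kev_ids:
        return 1
    if f.cvss >= 7.0 and f.impact in ("rce", "dos") and f.internet_facing:
        return 2
    return 3

def plan(findings, catalog=KEV_CATALOG):
    """Return (patch_queue, replace_list). EOL software has no patch to
    apply, so it goes to the replace list instead of the queue."""
    kev_ids = {v["cveID"] for v in catalog["vulnerabilities"]}
    patchable = [f for f in findings if not f.eol]
    queue = sorted(patchable, key=lambda f: (tier(f, kev_ids), -f.cvss, f.host))
    return ([(f.host, f.cve, tier(f, kev_ids)) for f in queue],
            [f.host for f in findings if f.eol])

SAMPLE = [  # constructed scan output
    Finding("db01", "CVE-0000-3333", 9.8, "rce", False),
    Finding("web01", "CVE-0000-4444", 8.1, "rce", True),
    Finding("vpn01", "CVE-0000-2222", 6.5, "other", True),
    Finding("mail01", "CVE-0000-1111", 7.5, "rce", True),
    Finding("legacy01", "CVE-0000-5555", 9.0, "rce", True, eol=True),
]

if __name__ == "__main__":
    for row in plan(SAMPLE)[0]:
        print(row)
```

Note that the highest CVSS finding (db01, 9.8) lands last because it is neither a KEV nor internet-facing; the KEV on vpn01 outranks it despite a lower score.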

SOCFortress References: Using EPSS for Effective Vulnerability Management Using Wazuh

Routinely perform automated asset discovery

  • Scope the entire estate to identify and catalogue all systems, services, hardware, and software.

SOCFortress References: SOCFortress Integrations — Network Discovery and Inventory Using NetDisco

Implement a robust patch management process and centralised patch management system that establishes prioritisation of patch applications.

  • Organisations that are unable to perform rapid scanning and patching of internet-facing systems should consider moving these services to mature, reputable cloud service providers (CSPs) or other managed service providers (MSPs).
  • Reputable MSPs can patch applications (such as webmail, file storage, file sharing, chat, and other employee collaboration tools) for their customers.
  • Document secure baseline configurations for all IT/OT components, including cloud infrastructure.
  • Perform regular secure system backups and create known good copies of all device configurations for repairs and/or restoration.
  • Maintain an updated cybersecurity incident response plan that is tested at least annually and updated within a risk-informed time frame to ensure its effectiveness.

Identity and Access Management

Enforce phishing-resistant multifactor authentication (MFA) for all users without exception

  • Enforce MFA on all VPN connections.
  • If MFA is unavailable, require employees engaging in remote work to use strong passwords.
  • Regularly review, validate, or remove unprivileged accounts (annually at a minimum).
  • Configure access control under the principle of least privilege. Ensure software service accounts only provide necessary permissions (least privilege) to perform intended functions (using non-administrative privileges where feasible).

Protective Controls and Architecture

Properly configure and secure internet-facing network devices

  • Disable unused or unnecessary network ports and protocols, encrypt network traffic, and disable unused network services and devices.
  • Harden commonly exploited enterprise network services, including Link-Local Multicast Name Resolution (LLMNR) protocol, Remote Desktop Protocol (RDP), Common Internet File System (CIFS), Active Directory, and OpenLDAP.
  • Manage Windows Key Distribution Center (KDC) accounts (e.g., KRBTGT) to minimize Golden Ticket attacks and Kerberoasting.
  • Strictly control the use of native scripting applications, such as command-line, PowerShell, WinRM, Windows Management Instrumentation (WMI), and Distributed Component Object Model (DCOM).

Continuously monitor the attack surface

  • Investigate abnormal activity that may indicate cyber actor or malware lateral movement.
  • Use security tools, such as endpoint detection and response (EDR) and security information and event management (SIEM) tools.
  • Consider using an information technology asset management (ITAM) solution to ensure EDR, SIEM, vulnerability scanners, and other similar tools are reporting the same number of assets.
  • Use web application firewalls to monitor and filter web traffic.
  • Implement an administrative policy and/or automated process configured to monitor unwanted hardware, software, or programs against an allowed list with specified, approved versions.
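The ITAM check above (EDR, SIEM and vulnerability scanner reporting the same assets) as an added Python example, not code from the advisory or from SOCFortress. The three inventory exports and the `corp.example` domain are constructed; the example goes one step beyond the advisory's count comparison by naming which host each tool is missing, because equal counts can still hide gaps.

```python
def normalise(name: str) -> str:
    """Collapse naming differences that hide gaps between tools: case,
    trailing dots and the domain suffix (EDR tends to export short
    names while the SIEM sees FQDNs)."""
    return name.strip().rstrip(".").lower().split(".")[0]

INVENTORIES = {  # constructed sample exports, one list per tool
    "edr": ["WEB01", "db01", "mail01", "laptop-7"],
    "siem": ["web01.corp.example", "db01.corp.example",
             "mail01.corp.example", "vpn01.corp.example"],
    "scanner": ["web01", "db01", "vpn01", "printer-3"],
}

def counts_agree(inventories) -> bool:
    """The advisory's check: every tool reports the same number of assets.
    Necessary but not sufficient, as reconcile() shows."""
    sizes = {len({normalise(h) for h in hosts}) for hosts in inventories.values()}
    return len(sizes) == 1

def reconcile(inventories):
    """Return (all known hosts, {tool: hosts that tool does not see}).
    A host missing from EDR has no endpoint telemetry; one missing from
    the scanner is never assessed; one missing from the SIEM is never
    correlated, so each gap is a separate follow-up."""
    seen = {tool: {normalise(h) for h in hosts} for tool, hosts in inventories.items()}
    union = set().union(*seen.values())
    gaps = {tool: sorted(union - hosts) for tool, hosts in seen.items()}
    return sorted(union), gaps

if __name__ == "__main__":
    print("counts agree:", counts_agree(INVENTORIES))
    union, gaps = reconcile(INVENTORIES)
    print("assets:", union)
    for tool, missing in gaps.items():
        print(f"{tool} is missing: {missing}")
```

In the constructed data every tool reports four assets, so the count check passes, yet two hosts are invisible to each tool.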

Supply Chain Security

Reduce third-party applications and unique system/application builds and ensure contracts require vendors and/or third-party service providers to:

  • Provide notification of security incidents and vulnerabilities within a risk-informed time frame.
  • Supply a Software Bill of Materials (SBOM) with all products to enhance vulnerability monitoring and to help reduce time to respond to identified vulnerabilities.

Ask your software providers to discuss their secure by design program, provide links to information about how they are working to remove classes of vulnerabilities, and to set secure default settings.

Original link: https://socfortress.medium.com/2023-top-routinely-exploited-vulnerabilities-d9b48109fbfc?source=rss-36613248f635------2