Top Targeted Vulnerabilities Under Attack - 2020 vs 2021

What's new?

• The vulnerabilities mostly targeted by attackers belong to application software related to VPNs, remote work, and cloud-based technologies.
• Most of the VPN gateway devices were left unpatched throughout 2020. With the growth of remote work options, most organizations struggled to perform proper patch management.
• In 2021, attackers are still targeting vulnerabilities in perimeter-type products. Some of the heavily abused vulnerabilities in 2021 are in Pulse, Microsoft, VMware, Fortinet, and Accellion.
• Most exploited vulnerabilities for the year include CVE-2021-26855, CVE-2021-26857, and CVE-2021-22894, among others.

Top exploited vulnerabilities in 2020

• Some of the top identified vulnerabilities are CVE-2019-19781, CVE-2019-11510, CVE-2018-13379, CVE-2020-5902, CVE-2020-15505, CVE-2017-11882, CVE-2019-11580, and CVE-2018-7600.
• Most of these vulnerabilities are arbitrary code execution, RCE, and elevation of privilege. These abused vulnerabilities have been impacting multiple sets of targets in various industries.

Conclusion