List of top 10 vulnerabilities commonly used by hackers according to FBI & CISA

U.S. government cybersecurity agencies have released a list of the 10 security vulnerabilities most exploited by threat actors between 2016 and 2019. The report, issued jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the U.S. Government, was produced so that public and private organizations can prioritize which weaknesses in their systems to correct first.

“The public and private sectors could mitigate some foreign cyber threats thanks to this effort, so critical computer systems and software for prompt updating of security systems can be corrected,” the report says.

The U.S. government hopes that a concerted campaign to patch these vulnerabilities will make the operations of foreign threat actors (such as exploit sales or cybercriminal groups for hire) more difficult. The full report is available on the official platforms of the agencies that collaborated on it.

According to the report, the most exploited vulnerabilities are in Microsoft’s Object Linking and Embedding (OLE) technology, while the second most exploited set of flaws belongs to Apache Struts.

In addition, of the top 10 vulnerabilities, the three most commonly used are CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158. These flaws have been used in cyberattack campaigns sponsored by the governments of China, Iran, North Korea and Russia. All three are related to Microsoft OLE technology.

Below are the 10 flaws listed in the report, along with the malware variants associated with their exploitation.

  • CVE-2017-11882: Exploitable with Loki, FormBook and Pony/FAREIT
  • CVE-2017-0199: Exploitable with FINSPY, LATENTBOT and Dridex
  • CVE-2017-5638: Exploitable with JexBoss
  • CVE-2012-0158: Exploitable with Dridex
  • CVE-2019-0604: Exploitable with China Chopper
  • CVE-2017-0143: Exploitable with EternalSynergy and EternalBlue
  • CVE-2018-4878: Exploitable with DOGCALL
  • CVE-2017-8759: Exploitable with FINSPY, FinFisher and WingBird
  • CVE-2015-1641: Exploitable with Toshliph and Uwarrior
  • CVE-2018-7600: Exploitable with Kitty

Chinese hackers have been exploiting CVE-2012-0158 since 2018, demonstrating that organizations have failed to patch this vulnerability and that threat actors will continue to compromise systems through known, unpatched flaws.

The agencies also recommend that organizations take the necessary steps to move to up-to-date software, as programs and tools that are no longer supported are more likely to be exploited by hackers.