The NSA has published a list of the top 25 vulnerabilities currently being exploited by Chinese state-backed hackers to target US organizations.
These attackers operate much as most cybercrime groups do, the NSA explained: they identify and gather information on a target, look for exploitable vulnerabilities, and then launch an exploitation operation using homegrown or reused exploits.
The advisory urged organizations to apply publicly available patches as soon as possible to mitigate the threats.
“This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks,” it noted.
“Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritized for immediate patching.”
Some of the most widely publicized CVEs in the list include Zerologon (CVE-2020-1472), BlueKeep (CVE-2019-0708), SIGRed (CVE-2020-1350), and flaws in Pulse Secure VPNs (CVE-2019-11510) and Citrix ADC and Gateway systems (CVE-2019-19781, CVE-2020-8193, CVE-2020-8195, CVE-2020-8196).
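One way to turn the advisory's guidance into a triage order is to intersect a vulnerability scanner's findings with the advisory's CVE list and push internet-facing remote-access and web-service hosts to the front, as the quoted advisory recommends. The script below is an added illustration, not code from the NSA advisory or from this article: the CVE set contains only the entries named above (a subset of the 25; the rest of the advisory must be added before real use), and the CSV column names, the role labels and the sample export are constructed assumptions standing in for whatever your scanner actually emits.

```python
import csv
import io
from collections import namedtuple

# CVEs named in the article above. This is a SUBSET of the advisory's 25;
# extend it with the remaining entries before using it for real triage.
ADVISORY_CVES = {
    "CVE-2020-1472",   # Zerologon
    "CVE-2019-0708",   # BlueKeep
    "CVE-2020-1350",   # SIGRed
    "CVE-2019-11510",  # Pulse Secure VPN
    "CVE-2019-19781",  # Citrix ADC / Gateway
    "CVE-2020-8193",   # Citrix ADC / Gateway
    "CVE-2020-8195",   # Citrix ADC / Gateway
    "CVE-2020-8196",   # Citrix ADC / Gateway
}

# Roles the advisory singles out: remote access (T1133) and external web
# services (T1190). Role labels are assumed; map your own inventory onto them.
GATEWAY_ROLES = {"remote-access", "web-service"}

# Constructed sample export with hypothetical column names (host, cve, role,
# internet_facing). Adapt the reader to your scanner's real export format.
SAMPLE_EXPORT = """host,cve,role,internet_facing
vpn-1.example.test,CVE-2019-11510,remote-access,yes
dc-1.example.test,CVE-2020-1472,domain-controller,no
dns-1.example.test,CVE-2020-1350,dns,no
adc-1.example.test,CVE-2019-19781,web-service,yes
rdp-jump.example.test,CVE-2019-0708,remote-access,no
wiki.example.test,CVE-2014-0160,web-service,yes
"""

Finding = namedtuple("Finding", "host cve role internet_facing priority")


def priority_for(cve, role, internet_facing):
    """Priority bucket: 1 = advisory CVE on an internet-facing gateway host,
    2 = advisory CVE on an internal host, 3 = not in the advisory list."""
    if cve not in ADVISORY_CVES:
        return 3
    if internet_facing and role in GATEWAY_ROLES:
        return 1
    return 2


def triage(csv_text):
    """Parse a scanner export and return findings ordered by priority, then host."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    for row in reader:
        cve = row["cve"].strip().upper()
        role = row["role"].strip().lower()
        exposed = row["internet_facing"].strip().lower() == "yes"
        findings.append(
            Finding(row["host"].strip(), cve, role, exposed,
                    priority_for(cve, role, exposed))
        )
    return sorted(findings, key=lambda f: (f.priority, f.host))


def p1_hosts(csv_text):
    """Hosts that should be patched first under the advisory's guidance."""
    return [f.host for f in triage(csv_text) if f.priority == 1]


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f"P{f.priority}  {f.host:24} {f.cve}  ({f.role}, "
              f"{'internet-facing' if f.internet_facing else 'internal'})")
```

Note that the priority rule is deliberately simple: it only encodes what the advisory states (advisory CVE plus internet-facing gateway first). An internal domain controller exposed to Zerologon still lands in the second bucket, not the third, because it remains on the list; the ordering is a starting point for the patch queue, not a risk score.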
Jake Moore, cybersecurity specialist at ESET, argued that some organizations find it operationally difficult to patch immediately, which might store up problems for later.
“This year’s increase in remote working has also brought additional difficulties with updating machines, highlighting certain problems that were not previously apparent,” he added.
“It is always worth patching at your earliest convenience to help protect each device. Although administrators now have a tougher task in protecting their devices, this list from the NSA could be used to highlight to directors just how important a proactive approach to cybersecurity is.”
The shift to mass remote working has indeed created new opportunities for cyber-attackers to exploit. In research from Tanium earlier this year, 43% of IT ops leaders reported patching problems on users' personal devices.