Experts from the FBI, the US Department of Homeland Security (DHS CISA), the Australian Cybersecurity Center (ACSC), and the UK National Cybersecurity Center (NCSC) have published joint security advisories that list the most attacked and most popular vulnerabilities among criminals in 2020 and 2021.
Based on data collected by the US government, most of the attacked vulnerabilities were discovered after early 2020, and many of the bugs are clearly related to the widespread transition to remote work. As a result, the four vulnerabilities most commonly exploited in 2020 were related to remote work, VPN and cloud services.
As a result, the list of the most “popular” bugs of 2021 looks like this:
- Microsoft Exchange Server: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 (ProxyLogon vulnerabilities);
- Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899 and CVE-2021-22900;
- Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103 and CVE-2021-27104;
- VMware: CVE-2021-21985;
- Fortinet: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
Let me remind you that I also wrote that the FBI and NSA release a statement about attacks by Russian hackers.