Top 10 Exploited Vulnerabilities in 2022

ImmuniWeb
Nov 24, 2022

With each passing year, cyber attacks become more advanced and sophisticated, so keeping up with security vulnerabilities is now more crucial than ever. This article highlights some of the most dangerous vulnerabilities exploited by malicious actors in 2022.

Top 10 Exploited Vulnerabilities in 2022

1. Follina (CVE-2022-30190)

Disclosed (and patched) in May 2022, CVE-2022-30190 (informally known as “Follina”) is a remote code execution bug in the Microsoft Windows Support Diagnostic Tool (MSDT) that allows a remote attacker to execute arbitrary shell commands on the target system.

Since its public disclosure, security researchers have observed numerous cases of the flaw being exploited. These include multiple phishing attacks by Russia-linked threat actors (Sandworm, UAC-0098, APT28) targeting organizations and government agencies in Ukraine, designed to infect victims with info-stealing malware, as well as cyber-espionage campaigns aimed at European and US governments. The Follina vulnerability has also been exploited to plant remote access tools like Qbot and AsyncRAT and to deploy backdoors on Windows systems.

2. Log4Shell (CVE-2021-44228)

Despite being disclosed at the end of 2021, the Log4Shell flaw is still ranked high on the list of the most-exploited vulnerabilities and remains one of the most commonly discussed vulnerabilities among cyber criminals on underground forums.

CVE-2021-44228 is a remote code execution flaw in the popular Apache Log4j open-source logging utility. By exploiting the flaw, a threat actor can send a specially crafted command to an affected system, execute malicious code, and take over the victim’s machine. Since December 2021, the now-fixed Log4Shell bug has been actively exploited by multiple threat actors, ranging from crypto miners, DDoS botnets, ransomware gangs and initial access brokers to state-backed hackers linked to the governments of China, Iran, North Korea, and Turkey.

More recently, threat actors have been observed using Log4Shell to deploy malware on unpatched, public-facing VMware Horizon and Unified Access Gateway servers.

3. Spring4Shell (CVE-2022-22965)

CVE-2022-22965 (Spring4Shell, SpringShell) is a remote code execution vulnerability in Spring Framework, a widely used open-source Java framework from VMware; its name is a nod to the above-mentioned Log4Shell flaw. Once attackers achieve remote code execution, they can install malware or use the affected server as an initial foothold to escalate privileges and compromise the whole system.

Spring4Shell is not as widespread as Log4Shell and is not trivial to exploit, but organizations shouldn’t take it lightly: it has already been weaponized by cyber criminals to deploy cryptocurrency miners, and by botnets powered by the infamous Mirai malware.

4. F5 BIG-IP (CVE-2022-1388)

First disclosed in May 2022, CVE-2022-1388 is another critical bug worth paying attention to. The flaw affects the iControl REST authentication component within the F5 BIG-IP suite of software and hardware and, if exploited, allows an unauthenticated attacker to execute commands on BIG-IP network devices with “root” privileges. Over the past months, researchers have spotted multiple attempts to exploit the vulnerability in attacks designed to wipe devices or drop web shells.

5. Google Chrome zero-day (CVE-2022-0609)

The now-patched CVE-2022-0609 is a remote code execution flaw in Google Chrome’s animation component that was leveraged in two separate North Korea-linked hacker campaigns, dubbed “Operation Dream Job” and “Operation AppleJeus”, which targeted several organizations in the media, IT, cryptocurrency, and financial-technology (FinTech) industries located in the United States.

Continue reading:
https://www.immuniweb.com/blog/top-10-exploited-vulnerabilities-in-2022.html


Written by ImmuniWeb
