NSA list of the Top 25 Cyber Threats

Cyber criminals are successfully attacking businesses, public administration and organizations, exploiting vulnerabilities to do so. The American intelligence service NSA has published a list of the attack vectors, exploits and malware most frequently used by Chinese hacker groups. It might be interesting to take a look at this list, which I received through Check Point, the provider of cyber security solutions.


Currently there are several articles about successful cyber attacks in the media every day. Ransomware infections, data theft and the associated potential for blackmail have now reached the mainstream. The security researchers at Check Point® Software Technologies Ltd. (a provider of cyber security solutions for businesses and governments) are using the ThreatCloud to monitor which industries are most frequently attacked by the largest cyber threats (according to the NSA).

Cyber attack targets according to the NSA
(Cyber Threats, Source: CheckPoint/NSA)

The cyber attacks, exploiting known vulnerabilities, were directed against 161 countries worldwide. The USA, Germany, Great Britain, Indonesia and the Netherlands were most frequently attacked.

The most dangerous exploits

Cyber attacks by threat actors make use of known vulnerabilities in the software and infrastructure used. The NSA report lists the most dangerous vulnerabilities/exploits in this area. Many of the vulnerabilities listed in the NSA report affect widely distributed and popular products. The associated threat is correspondingly high.

I found it interesting that (with one exception) Microsoft Windows or Office and other software used on client computers do not appear. The critical vulnerabilities that are used to infiltrate corporate networks (and are used by Chinese hackers) are found in network products. Below is an overview of the five most commonly exploited vulnerabilities in this area:


  • DrayTek Vigor Command Injection (CVE-2020-8515) – A critical vulnerability (CVSS base score of 9.8) in several versions of DrayTek Vigor, a series of VPN routers.
  • Microsoft Windows NTLM authentication bypass (CVE-2019-1040) – A vulnerability (CVSS base score 5.8) in several versions of Microsoft Windows.
  • Citrix Multiple Products Directory Traversal (CVE-2019-19781) – A critical vulnerability (CVSS base score 9.8) in Citrix Application Delivery Controller (ADC) and Citrix Gateway.
  • Pulse Connect Secure File Disclosure (CVE-2019-11510) – A critical vulnerability (CVSS base score 10) in Pulse Connect Secure, Pulse Secure's SSL VPN solution.
  • F5 BIG-IP Remote Code Execution (CVE-2020-5902) – A critical vulnerability (CVSS base score 9.8) in several versions of BIG-IP, the popular F5 products.

CheckPoint has compiled an overview of the vulnerabilities and tips for protecting against them in this blog post.

