July 29, 2021
The recently released Joint Cybersecurity Advisory, coauthored by the U.S. Cybersecurity and Infrastructure Security Agency, the U.S. Federal Bureau of Investigation, the U.K. National Cyber Security Centre, and the Australian Cyber Security Centre, lists the top 30 vulnerabilities that malicious cyber actors have most often exploited from the beginning of 2020 through July 2021.
For each vulnerability, the advisory provides a description, indicators of compromise, detection methods, patch availability, mitigation recommendations, and the affected technologies and versions.
CISA - Alert (AA21-209A) Top Routinely Exploited Vulnerabilities
Impact to HPH Sector
The impact of these vulnerabilities on the HPH Sector is extremely high. It is imperative that organizations check their networks for each of these CVEs and confirm that the applicable patches have been applied.
To highlight the seriousness of these vulnerabilities, since the beginning of 2020:
- The Russian cyber espionage group APT29 (aka "Cozy Bear" or "the Dukes") has been identified exploiting vulnerabilities in Citrix, Pulse Secure, and Fortinet products to target COVID-19 vaccine research and development
- The Accellion File Transfer Appliance was the subject of a cyberattack that impacted numerous healthcare entities
- Microsoft Exchange Servers across the HPH Sector fell victim to the Chinese cyber threat actor HAFNIUM
- HC3 has observed a threat actor on the dark web advertising network access to an IT support company with healthcare customers in the U.S., obtained via a VMware vulnerability, allowing user logon and remote user access
HC3 has previously developed reports on some of these vulnerabilities:
- HC3 - Active Exploitation of Pulse Secure Zero-Day Vulnerabilities by Multiple Threat Actors https://hhsgov.sharepoint.com/sites/HC3/Lists/Product%20Tracking%20List/Attachments/305/202104201835_Pulse_Secure_Vulnerabilities_TLP_WHITE.pdf
- HC3 - Tools for Detection of Compromise of Microsoft Exchange Server Vulnerabilities
- HC3 - Microsoft Patches Zero-Day Vulnerabilities Being Actively Exploited by a Threat Actor who has Historically Targeted Healthcare Organizations
- HC3 - Accellion Compromise Impacts Many Targets Including Healthcare Organizations
- HC3 - Pulse Secure VPN Servers Leak: Incident Case Study
Joint Seal – AA21-209A Top Routinely Exploited Vulnerabilities (PDF Version)
If you have any additional questions, please contact us at HC3@hhs.gov.