HC3 TLP White Alert: Top Routinely Exploited Vulnerabilities of 2020 and 2021

July 29, 2021

Executive Summary

The recently released Joint Cybersecurity Advisory coauthored by the U.S. Cybersecurity and Infrastructure Security Agency, U.S. Federal Bureau of Investigation, U.K. National Cyber Security Centre, and Australian Cyber Security Centre contains information on the top 30 vulnerabilities that malicious cyber actors have most often exploited from the beginning of 2020 to July 2021.

The advisory contains vulnerability descriptions, indicators of compromise, detection methods, patch availability, mitigation recommendations, and vulnerable technologies and versions.

Report

CISA - Alert (AA21-209A) Top Routinely Exploited Vulnerabilities
https://us-cert.cisa.gov/ncas/alerts/aa21-209a

Impact to HPH Sector

The impact of these vulnerabilities on the HPH Sector is extremely high. It is imperative that organizations check their networks against each of these CVEs to ensure that applicable patches are applied.

To highlight the seriousness of these vulnerabilities, since the beginning of 2020:

  • Russian cyber espionage group APT29 (aka “Cozy Bear” or “the Dukes”) has been identified using CVEs affecting Citrix, Pulse Secure, and Fortinet to target COVID-19 vaccine research and development
  • The Accellion File Transfer Appliance fell victim to a cyber attack which impacted numerous healthcare entities
  • Microsoft Exchange Servers across the HPH sector fell victim to the Chinese cyber threat actor HAFNIUM
  • HC3 has observed a threat actor on the dark web advertise network access to an IT support company with healthcare customers in the U.S. via a VMware vulnerability, allowing user logon and remote user access

HC3 has previously developed reports on some of these vulnerabilities:

References

Joint Seal – AA21-209A Top Routinely Exploited Vulnerabilities (PDF Version)
https://us-cert.cisa.gov/sites/default/files/publications/AA21-209A_Joint%20CSA_Top%20Routinely%20Exploited%20Vulnerabilities.pdf

Contact Information

If you have any additional questions, please contact us at HC3@hhs.gov.

 
