© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Bug exploitation party likely to last in Q3

Vulnerability exploitation will remain one of the primary avenues of entry into your network in Q3, cybersecurity firm Digital Shadows claims.

Threat actors often exploit privilege escalation vulnerabilities. In Q2 2022, they represented 48% of incidents reported by Digital Shadows.

“Privilege escalation flaws allow users higher levels of permission and access to systems or applications than administrators intended. They are valuable for attackers because they are often required for a range of malicious activity, but occasionally can be overlooked by defenders/developers because of their typically low severity scores,” the company said.

Weak authentication, remote code execution (RCE), and denial of service (DoS) vulnerabilities are common attack vectors too.

Q2 exploited vulnerabilities by type
Q2 exploited by vulnerabilities by type. Source: Digital Shadows

In Q2, Log4Shell was the most discussed vulnerability across various sources, including tweets, blogs, webpages, internet relay chats, and GitHub.

Threat actors continue targeting Log4Shell in large numbers. Cybersecurity and Infrastructure Security Agency (CISA) has just updated the joint advisory, urging to patch all affected VMware Horizon and Unified Access Gateway (UAG) systems to the latest versions.

Other frequently mentioned vulnerabilities were ProxyLogon, a 2021 RCE vulnerability affecting Microsoft HTML, and the BlueKeep Remote Desktop Protocol (RDP) vulnerability.

“Also surprisingly included was a 2010 vulnerability affecting SpringSource, an open-source framework for Java applications. This vulnerability became relevant in 2022 following the disclosure of the Spring4Shell vulnerability (CVE-2022-22965). [...] According to researchers, the Spring4Shell vulnerability bypasses the patch for CVE-2010-1622, which causes it to become exploitable,” Digital Shadows said.

Russian threat actors have been exploiting the Follina zero-day RCE (CVE-2022-30190) vulnerability, affecting the Microsoft Support Diagnostic Tool (MSDT,) to remotely execute PowerShell commands, which in turn, can lead to several attack methods.

Russian advanced persistent threat (APT) groups Sandworm and Fancy Bear are known to target this bug.

“To make matters worse, exploiting the vulnerability also does not require admin permissions, and an attacker may even elevate user permissions using the exploit. Attacks can be carried out even if Office macros are disabled, and the vulnerability may be triggered simply by viewing the document in Windows Explorer,” Digital Shadows said.

More from Cybernews:

The curious case of the self-proclaimed Cryptoqueen behind the $4b scam

How cybercriminals are taking advantage of QR Codes

Meta agrees to drop ad tool after race bias lawsuit

Beware falling victim to QR code scams

Major crypto exchanges lose millions because of the Cloudflare outage

Period-tracker data trading raises human rights fears

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked