Vulnerability exploitation will remain one of the primary avenues of entry into your network in Q3, cybersecurity firm Digital Shadows claims.
Threat actors often exploit privilege escalation vulnerabilities. In Q2 2022, they represented 48% of incidents reported by Digital Shadows.
“Privilege escalation flaws allow users higher levels of permission and access to systems or applications than administrators intended. They are valuable for attackers because they are often required for a range of malicious activity, but occasionally can be overlooked by defenders/developers because of their typically low severity scores,” the company said.
Weak authentication, remote code execution (RCE), and denial of service (DoS) vulnerabilities are common attack vectors too.
In Q2, Log4Shell was the most discussed vulnerability across various sources, including tweets, blogs, webpages, internet relay chats, and GitHub.
Threat actors continue targeting Log4Shell in large numbers. The Cybersecurity and Infrastructure Security Agency (CISA) has just updated its joint advisory, urging organizations to patch all affected VMware Horizon and Unified Access Gateway (UAG) systems to the latest versions.
Other frequently mentioned vulnerabilities were ProxyLogon, a 2021 RCE vulnerability affecting Microsoft HTML, and the BlueKeep Remote Desktop Protocol (RDP) vulnerability.
“Also surprisingly included was a 2010 vulnerability affecting SpringSource, an open-source framework for Java applications. This vulnerability became relevant in 2022 following the disclosure of the Spring4Shell vulnerability (CVE-2022-22965). [...] According to researchers, the Spring4Shell vulnerability bypasses the patch for CVE-2010-1622, which causes it to become exploitable,” Digital Shadows said.
Russian threat actors have been exploiting the Follina zero-day RCE vulnerability (CVE-2022-30190), affecting the Microsoft Support Diagnostic Tool (MSDT), to remotely execute PowerShell commands, which, in turn, can lead to several attack methods.
Russian advanced persistent threat (APT) groups Sandworm and Fancy Bear are known to target this bug.
“To make matters worse, exploiting the vulnerability also does not require admin permissions, and an attacker may even elevate user permissions using the exploit. Attacks can be carried out even if Office macros are disabled, and the vulnerability may be triggered simply by viewing the document in Windows Explorer,” Digital Shadows said.
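As an added, defender-side illustration (not part of the Cybernews article or the Digital Shadows report): a small Python check over process-creation telemetry that flags the Follina chain described above, an Office application spawning the MSDT binary (msdt.exe), which in turn launches PowerShell. The event fields and sample events are assumptions constructed for this example.

```python
# Added example: flag Follina-style process chains in process-creation telemetry.
# Not from the article; the event format and sample lines are constructed for illustration.
from dataclasses import dataclass
from typing import List

@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable file name, lower-cased on input
    cmdline: str

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT = "msdt.exe"
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

def find_follina_chains(events: List[ProcEvent]) -> List[str]:
    """Return one finding per msdt.exe whose parent is an Office application.
    Severity is raised to 'high' when that msdt.exe itself spawns a shell,
    matching the 'MSDT used to run PowerShell' behaviour the article describes.
    Caveat: the preview-pane case (document rendered by Windows Explorer) has a
    different parent and is not covered by this parent check."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if e.image != MSDT:
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or parent.image not in OFFICE_APPS:
            continue
        shells = [c for c in events if c.ppid == e.pid and c.image in SHELLS]
        sev = "high" if shells else "medium"
        chain = f"{sev}: {parent.image}(pid {parent.pid}) -> msdt.exe(pid {e.pid})"
        if shells:
            chain += f" -> {shells[0].image}(pid {shells[0].pid})"
        findings.append(chain)
    return findings

# Constructed sample telemetry (not real logs); command lines are placeholders.
SAMPLE = [
    ProcEvent(1000, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(2000, 1000, "winword.exe", "WINWORD.EXE /n <constructed>.docx"),
    ProcEvent(2100, 2000, "msdt.exe", "msdt.exe <constructed args>"),
    ProcEvent(2200, 2100, "powershell.exe", "powershell.exe <constructed args>"),
    ProcEvent(3000, 1, "msdt.exe", "msdt.exe <constructed args>"),  # no Office parent: not flagged
]

if __name__ == "__main__":
    for finding in find_follina_chains(SAMPLE):
        print(finding)
```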