Top exploited vulnerabilities in 2021

Cybersecurity authorities from the United States, Australia, Canada, New Zealand, and the United Kingdom, together with the NSA and the FBI, have released a list of the 15 vulnerabilities most routinely exploited by threat actors in 2021.

In a joint advisory, the authorities urged organisations to patch these vulnerabilities as soon as possible and to adopt a centralised patch management process to reduce their attack surface.

Attackers have been observed targeting internet-facing systems worldwide, such as email and virtual private network (VPN) servers, using exploits for recently disclosed vulnerabilities.

In 2021, “malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organisations worldwide,” the US, Australian, Canadian, New Zealand, and UK authorities wrote in the advisory.

The agencies attribute this to malicious actors and security researchers publishing proof-of-concept (PoC) exploits for most of the top exploited vulnerabilities within two weeks of their initial disclosure.

However, attackers also kept exploiting older vulnerabilities that were patched years ago (the list includes flaws from 2018, 2019, and 2020), indicating that many organisations still have not applied fixes that have long been available.

The 15 most routinely exploited vulnerabilities are listed below with their common name (where one exists), the affected vendor and product, and the type of flaw.

CVE             Vulnerability   Vendor and product                               Type
CVE-2021-44228  Log4Shell       Apache Log4j                                     Remote code execution (RCE)
CVE-2021-40539  -               Zoho ManageEngine AD SelfService Plus            RCE
CVE-2021-34523  ProxyShell      Microsoft Exchange Server                        Elevation of privilege
CVE-2021-34473  ProxyShell      Microsoft Exchange Server                        RCE
CVE-2021-31207  ProxyShell      Microsoft Exchange Server                        Security feature bypass
CVE-2021-27065  ProxyLogon      Microsoft Exchange Server                        RCE
CVE-2021-26858  ProxyLogon      Microsoft Exchange Server                        RCE
CVE-2021-26857  ProxyLogon      Microsoft Exchange Server                        RCE
CVE-2021-26855  ProxyLogon      Microsoft Exchange Server                        RCE
CVE-2021-26084  -               Atlassian Confluence Server and Data Center      Arbitrary code execution
CVE-2021-21972  -               VMware vSphere Client                            RCE
CVE-2020-1472   ZeroLogon       Microsoft Netlogon Remote Protocol (MS-NRPC)     Elevation of privilege
CVE-2020-0688   -               Microsoft Exchange Server                        RCE
CVE-2019-11510  -               Pulse Secure Pulse Connect Secure                Arbitrary file reading
CVE-2018-13379  -               Fortinet FortiOS and FortiProxy                  Path traversal

Mitigations and additional exploited vulnerabilities

The cybersecurity agencies of the United States, Australia, Canada, New Zealand, and the United Kingdom also identified 21 additional vulnerabilities that malicious cyber actors routinely exploited in 2021, including flaws in the Accellion File Transfer Appliance (FTA), the Windows Print Spooler, and Pulse Secure Pulse Connect Secure.

The joint advisory also includes mitigation steps intended to reduce the risk from the most routinely exploited vulnerabilities listed above.

CISA and the FBI had previously published a list of the top 10 most exploited vulnerabilities from 2016 to 2019, and, together with the Australian Cyber Security Centre (ACSC) and the United Kingdom’s National Cyber Security Centre (NCSC), a list of vulnerabilities routinely exploited in 2020.

MITRE also published in 2021 a list of the most important hardware weaknesses (programming, design, and architecture flaws) and its Top 25 list of the most common and dangerous software weaknesses of the preceding two years.