Global cybersecurity advisory highlights the 15 most targeted vulnerabilities of 2021, indicating that attackers targeted exploits both old and new last year.

Global cybersecurity authorities have published a joint advisory on the 15 Common Vulnerabilities and Exposures (CVEs) most routinely exploited by malicious cyber actors in 2021. The advisory is co-authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), U.S. Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK).

The advisory warned that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide, last year. What’s more, malicious actors also continued to exploit publicly known, dated software vulnerabilities.

Attackers target internet-facing systems with new exploits and dated vulnerabilities

“Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities,” the advisory read. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors, it continued. To a lesser extent, malicious cyber actors also continued to exploit publicly known, dated software vulnerabilities, some of which were routinely exploited in 2020 or earlier, the advisory continued.
“The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.”

The UK’s NCSC CEO, Lindy Cameron, said, “NCSC and our allies are committed to raising awareness of vulnerabilities and presenting actionable solutions to mitigate them. This advisory places the power in the hands of network defenders to fix the most common cyber weaknesses in the public and private sector ecosystem.”

15 most exploited vulnerabilities in 2021

Among the 15 most targeted vulnerabilities of 2021 are the infamous exploits Log4Shell, ProxyShell and ProxyLogon, which affect Apache Log4j and Microsoft Exchange Server. Others include vulnerabilities in products from VMware, Fortinet and Pulse Secure. The 15 most targeted vulnerabilities of 2021 were:

CVE-2021-44228 (Log4Shell): Remote code execution (RCE) vulnerability in Apache Log4j
CVE-2021-40539: RCE vulnerability in Zoho ManageEngine AD SelfService Plus
CVE-2021-34523 (ProxyShell): Elevation of privilege vulnerability in Microsoft Exchange Server
CVE-2021-34473 (ProxyShell): RCE vulnerability in Microsoft Exchange Server
CVE-2021-31207 (ProxyShell): Security feature bypass in Microsoft Exchange Server
CVE-2021-27065 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
CVE-2021-26858 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
CVE-2021-26857 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
CVE-2021-26855 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
CVE-2021-26084: Arbitrary code execution vulnerability in Atlassian Confluence Server and Data Center
CVE-2021-21972: RCE vulnerability in VMware vSphere Client
CVE-2020-1472 (ZeroLogon): Elevation of privilege vulnerability in Microsoft Netlogon Remote Protocol (MS-NRPC)
CVE-2020-0688: RCE vulnerability in Microsoft Exchange Server
CVE-2019-11510: Arbitrary file reading vulnerability in Pulse Secure Pulse Connect Secure
CVE-2018-13379: Path traversal vulnerability in Fortinet FortiOS and FortiProxy

This list includes three vulnerabilities that were also routinely exploited in 2020: CVE-2020-1472, CVE-2018-13379, and CVE-2019-11510. Their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors, the advisory stated.

To mitigate the risk of falling victim to attacks that exploit such vulnerabilities, the advisory urged organizations to implement vulnerability and configuration management, identity and access management, and protective controls and architecture.
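A practical first step in the vulnerability-management work the advisory calls for is to check an existing scanner export against the advisory's list and rank what is still open. The script below is an added example written for this article, not code from the advisory or any of the co-authoring agencies. The 15 CVE IDs and product names are taken from the list above; the CSV column layout (host, internet_facing, cve, status), the hostnames and the findings are constructed sample data, and a real scanner export would need its columns mapped to these names. Internet-facing hosts are ranked first, matching the advisory's point about email and VPN servers, and the three CVEs it says were already exploited in 2020 are ranked ahead of the rest because they have gone unpatched the longest.

```python
"""Triage a vulnerability-scanner export against the 2021 joint advisory list."""
import csv
import io

# CVE IDs and affected products as listed in the joint advisory (from the article).
ADVISORY_2021 = {
    "CVE-2021-44228": "Apache Log4j (Log4Shell)",
    "CVE-2021-40539": "Zoho ManageEngine AD SelfService Plus",
    "CVE-2021-34523": "Microsoft Exchange Server (ProxyShell)",
    "CVE-2021-34473": "Microsoft Exchange Server (ProxyShell)",
    "CVE-2021-31207": "Microsoft Exchange Server (ProxyShell)",
    "CVE-2021-27065": "Microsoft Exchange Server (ProxyLogon)",
    "CVE-2021-26858": "Microsoft Exchange Server (ProxyLogon)",
    "CVE-2021-26857": "Microsoft Exchange Server (ProxyLogon)",
    "CVE-2021-26855": "Microsoft Exchange Server (ProxyLogon)",
    "CVE-2021-26084": "Atlassian Confluence Server and Data Center",
    "CVE-2021-21972": "VMware vSphere Client",
    "CVE-2020-1472": "Microsoft Netlogon Remote Protocol (ZeroLogon)",
    "CVE-2020-0688": "Microsoft Exchange Server",
    "CVE-2019-11510": "Pulse Secure Pulse Connect Secure",
    "CVE-2018-13379": "Fortinet FortiOS and FortiProxy",
}

# The three entries the advisory says were also routinely exploited in 2020.
ALSO_EXPLOITED_2020 = {"CVE-2020-1472", "CVE-2018-13379", "CVE-2019-11510"}

# Constructed sample export. The column layout is an assumption about a
# generic scanner; hostnames and findings are made up for the example.
SAMPLE_EXPORT = """\
host,internet_facing,cve,status
mail01.example.internal,yes,CVE-2021-34473,open
mail01.example.internal,yes,CVE-2021-31207,open
mail01.example.internal,yes,CVE-2020-0688,patched
vpn-edge.example.internal,yes,CVE-2019-11510,open
fw01.example.internal,yes,CVE-2018-13379,open
dc01.example.internal,no,CVE-2020-1472,open
wiki.example.internal,no,CVE-2021-26084,open
build01.example.internal,no,CVE-2021-44228,patched
build01.example.internal,no,CVE-2099-99999,open
"""


def triage(export_text):
    """Return open findings that match the advisory list, highest priority first.

    Ordering: internet-facing hosts before internal ones; within each tier,
    CVEs the advisory says were already exploited in 2020 before the 2021
    entries; then by CVE ID so the output is stable.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        cve = row["cve"].strip().upper()
        # Skip findings that are already patched or not on the advisory list.
        if row["status"].strip().lower() != "open" or cve not in ADVISORY_2021:
            continue
        exposed = row["internet_facing"].strip().lower() == "yes"
        findings.append({
            "host": row["host"].strip(),
            "cve": cve,
            "product": ADVISORY_2021[cve],
            "internet_facing": exposed,
            "exploited_since_2020": cve in ALSO_EXPLOITED_2020,
        })
    findings.sort(key=lambda f: (not f["internet_facing"],
                                 not f["exploited_since_2020"],
                                 f["cve"]))
    return findings


def affected_hosts(export_text):
    """Distinct hosts with at least one open advisory-listed CVE, sorted."""
    return sorted({f["host"] for f in triage(export_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        tier = "EXTERNAL" if f["internet_facing"] else "internal"
        legacy = " (exploited since 2020)" if f["exploited_since_2020"] else ""
        print(f"{tier:8} {f['host']:28} {f['cve']:15} {f['product']}{legacy}")
```

Run against the sample data, the two legacy findings on the firewall and VPN gateway come out first, the two open ProxyShell findings on the mail server next, and the internal domain controller and wiki last; the patched Log4Shell and Exchange findings and the CVE that is not on the list are dropped. Against a real export, the ranking is only as good as the "internet_facing" attribute, so that column is worth populating from an asset inventory rather than from the scanner's own guess.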