HC3 TLP White Alert: Top Routinely Exploited Vulnerabilities of 2020 and 2021

July 29, 2021

Executive Summary

The recently released Joint Cybersecurity Advisory coauthored by the U.S. Cybersecurity and Infrastructure Security Agency, U.S. Federal Bureau of Investigation, U.K. National Cyber Security Centre, and Australian Cyber Security Centre contains information on the top 30 vulnerabilities malicious cyber actors have most often exploited since the beginning of 2020 to July 2021.

The advisory contains vulnerability descriptions, indicators of compromise, detection methods, patch availability, mitigation recommendations, and vulnerable technologies and versions.

Report

CISA - Alert (AA21-209A) Top Routinely Exploited Vulnerabilities

Impact to HPH Sector

The impact to the HPH Sector regarding these vulnerabilities is extremely high. It is imperative that each of these CVEs be checked against organizations鈥 networks to ensure that applicable patches are applied.

To highlight the seriousness of these vulnerabilities, since the beginning of 2020:

  • Russian cyber espionage group APT29 (aka 鈥淐ozy Bear鈥 or 鈥渢he Dukes鈥) has been identified using CVEs targeting Citrix, Pulse Secure, and Fortinet, to target COVID-19 vaccine research and development
  • The Accellion File Transfer Appliance fell victim to a cyber attack which impacted numerous healthcare entities 
  • Microsoft Exchange Servers across the HPH fell victim to the Chinese cyber threat actor HAFNIUM
  • HC3 has observed a threat actor on the dark web advertise network access to an IT support company with healthcare customers in the U.S. via a VMware vulnerability, allowing user logon and remote user access

HC3 has previously developed reports on some of these vulnerabilities:

  • HC3 - Active Exploitation of Pulse Secure Zero-Day Vulnerabilities by Multiple Threat Actors   
  • HC3 鈥 Tools for Detection of Compromise of Microsoft Exchange Server Vulnerabilities
  • HC3 - Microsoft Patches Zero-Day Vulnerabilities Being Actively Exploited by a Threat Actor who has Historically Targeted Healthcare Organizations
  • HC3 - Accellion Compromise Impacts Many Targets Including Healthcare Organizations
  • HC3 鈥 Pulse Secure VPN Servers Leak: Incident Case Study

References

Joint Seal 鈥 AA21-209A Top Routinely Exploited Vulnerabilities (PDF Version)

Contact Information

If you have any additional questions, please contact us at HC3@hhs.gov.

 

Key Resources

Related Resources

Advancing Health Podcast
Leadership Dialogue Series: Cybersecurity and the Fight to Safeguard Health Care
Public
Leadership Rounds
Leadership Dialogue
Public
Special Bulletin
UPDATE: AHA and Health-ISAC Threat Advisory: FBI Advises No Specific Credible Threat Targeting Hospitals
Public
Special Bulletin
AHA and Health-ISAC Bulletin on Threat to Hospitals
Member
AHA Center for Health Innovation Market Scan
Rural Hospitals Move to Enhance Cybersecurity
Advancing Health Podcast
Critical Condition: Cybersecurity in Rural Hospitals with Microsoft Part 2