Routinely Exploited Vulnerabilities


January 1, 2023

The Cybersecurity and Infrastructure Security Agency (CISA), along with US and international partners, released this Joint Cybersecurity Advisory providing details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE). In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems. The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the recommendations found within the mitigations section of the advisory—including the following—to reduce the risk of compromise by malicious cyber actors.

Vendors, designers, and developers:

  • Implement secure-by-design and -default principles and tactics to reduce the prevalence of vulnerabilities in your software.
  • Follow the Secure Software Development Framework (SSDF), also known as SP 800-218, and implement secure design practices into each stage of the software development life cycle (SDLC). As part of this, establish a coordinated vulnerability disclosure program that includes processes to determine root causes of discovered vulnerabilities.
  • Prioritize secure-by-default configurations, such as eliminating default passwords or requiring additional configuration changes to enhance product security.
  • Ensure that published CVEs include the proper CWE field identifying the root cause of the vulnerability.

End-user organizations:

  • Apply timely patches to systems. Note: First check for signs of compromise if CVEs identified in this CSA have not been patched.
  • Implement a centralized patch management system.
  • Use security tools, such as endpoint detection and response (EDR), web application firewalls, and network protocol analyzers.
  • Ask your software providers to discuss their secure-by-design program and to provide links to information about how they are working to remove classes of vulnerabilities and to set secure default settings.

Reporting

The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report. Contact us here at Cyber Command with any more questions.