
Top Vulnerabilities in 2023 and How to Block Them

Before cyber attackers can wage successful malware or ransomware campaigns, they have to gain access to their target environments. In 2022, half of the Check Point Incident Response Team’s cases resulted from attackers gaining access by exploiting known vulnerabilities. By the time malicious activities—ransomware, spoofed or forged emails, malware files or unknown computer processes—became visible, attackers had already gained access and laid the foundation for a successful campaign.

2023 Top Vulnerabilities

Which vulnerabilities should you be most concerned about in 2023? Check Point Research’s 2023 Cyber Security Report describes the top vulnerabilities based on data collected by the Check Point Intrusion Prevention System (IPS) sensor network. It shows that newer vulnerabilities are increasingly being used: those reported in the past three years accounted for 24% of exploitation attempts in 2022, compared with only 18% of attempts in 2021.

ProxyShell

ProxyShell is an attack chain that exploits three vulnerabilities in Microsoft Exchange Server—ProxyShell, ProxyLogon and ProxyNotShell. Combining these vulnerabilities allows unauthenticated attackers to achieve remote code execution (RCE) on vulnerable servers. Even though these vulnerabilities were reported and patched in 2021, they remained at the top of the most-exploited vulnerabilities list in 2022 and often result in major breaches.

Follina in Microsoft Office

Even though Microsoft now disables macros in documents from external sources, attackers use specially crafted .docx and .rtf documents to download and execute malicious code even when macros are disabled or the document is opened in Protected Mode. Threat actors exploited Follina on unpatched systems to deploy Qbot and other Remote Access Trojans (RATs), making Follina one of the most frequently used vulnerabilities discovered in 2022.

Fortinet

Two critical bugs in Fortinet products, reported in October 2022 (CVSS score: 9.6) and December 2022 (CVSS score: 9.3), allow unauthenticated attackers to execute arbitrary code using specially crafted requests. The company issued updates while CISA warned of significant risk to federal organizations. Exploitation attempts against CVE-2022-40684 at the beginning of 2023 affected 18% of organizations.

The Best Prevention: Virtual Patching with a Cloud IPS

Attackers often exploit exposed Windows Remote Desktop Protocol (RDP) services and unpatched Remote Code Execution (RCE) vulnerabilities to execute commands and place malicious code in a network. Mail servers are often the weak link. Many organizations don’t deploy endpoint security or anti-ransomware products on servers for fear of compromising performance. With high numbers of vulnerabilities, network exposure and poor patch management, servers are a common open door for attackers.

Timely patching is essential—but not enough. A Secure Access Service Edge (SASE) solution, like Check Point Harmony Connect, helps prevent attackers from exploiting vulnerabilities and gaining persistence in your network. It combines four powerful capabilities in a full SASE solution.

The Only Prevention-First SASE Solution: Harmony Connect

Mor Ahuvia
