Microsoft is warning that nation-state and criminal actors are increasingly taking advantage of publicly disclosed zero-day vulnerabilities to compromise target environments.
The tech giant, in its 114-page Digital Defense Report, said it had “observed a reduction in the time between notification of a security vulnerability and its dissemination,” making it imperative for organizations to patch such vulnerabilities in a timely manner.
This is corroborated by an April 2022 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors were “actively” targeting recently disclosed software vulnerabilities against a broad range of targets across the globe.
Microsoft notes that it takes an average of only 14 days for an exploit to become available in the wild after a vulnerability is made public, adding that while initial zero-day attacks are limited in scope, they tend to be quickly adopted by other threat actors, leading to indiscriminate probing events before patches are installed.
It went on to accuse Chinese state-sponsored groups of being “particularly adept” at discovering and developing zero-day exploits.
This is further reinforced by the fact that the Cyberspace Administration of China (CAC) issued a new vulnerability reporting regulation in September 2021 requiring security flaws to be reported to the government before they are shared with product developers.
The law, Redmond added, could allow government-backed actors to hoard and weaponize reported bugs, leading to increased use of zero-days for espionage in support of China’s economic and military interests.
Some of the vulnerabilities first exploited by Chinese actors before being picked up by other rival groups include:
CVE-2021-35211 (CVSS score: 10.0) – A remote code execution flaw in SolarWinds Serv-U Managed File Transfer Server and Serv-U Secure FTP software that was exploited by DEV-0322.
CVE-2021-40539 (CVSS Score: 9.8) – An authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus was exploited by DEV-0322 (TiltedTemple).
CVE-2021-44077 (CVSS Score: 9.8) – An unauthenticated remote code execution vulnerability in Zoho ManageEngine ServiceDesk Plus was exploited by DEV-0322 (TiltedTemple).
CVE-2021-42321 (CVSS Score: 8.8) – A remote code execution vulnerability in Microsoft Exchange Server was exploited three days after it was revealed during the Tianfu Cup hacking competition on October 16-17, 2021.
CVE-2022-26134 (CVSS Score: 9.8) – An Object Graph Navigation Language (OGNL) injection vulnerability in Atlassian Confluence that was likely exploited by a China-linked actor against an unnamed U.S.-based entity a few days before the vulnerability was disclosed on June 2.
The findings also come nearly a month after CISA released a list of the top security vulnerabilities weaponized by groups in China since 2020 to steal intellectual property and gain access to sensitive networks.
“Zero-day vulnerabilities are a particularly effective means of initial exploitation, and once publicly exposed, vulnerabilities can quickly be discovered and reused by other nation-state and criminal actors,” the company said.