Tenable: Cyberattackers Exploit Known Vulnerabilities

In the last quarter of 2023, Tenable reported a surge in successful cyberattacks, largely attributed to threat actors exploiting known vulnerabilities. Tenable's Research Team analyzed telemetry data, revealing that 54% of devices affected by 'CitrixBleed' (also known as CVE-2023-4966, the prominent vulnerability of Q4 2023) remained unremediated as of January 2024.

This concerning statistic indicates a significant delay in patching, with more than three months passing since the patch's initial announcement. The persistence of unaddressed vulnerabilities underscores the critical need for prompt and thorough mitigation efforts by organizations to safeguard against cyber threats. Tenable's findings highlight the importance of proactive vulnerability management strategies and the urgency for timely patching to mitigate the risk posed by known vulnerabilities and prevent potential cyberattacks. 

Two Cisco vulnerabilities, CVE-2023-20198 and CVE-2023-20273, formed part of an attack chain targeting Cisco devices with Internetworking Operating System (IOS) and IOS XE operating systems. However, as of the analysis, only 39% of affected devices had been remediated. This low remediation rate indicates a significant portion of devices remain vulnerable to exploitation. It underscores the imperative for swift action in addressing known vulnerabilities to enhance cybersecurity posture and mitigate potential risks associated with attacks targeting Cisco infrastructure. 

Despite the attention garnered by zero-day exploits and AI-powered threats in media headlines, it's the exploitation of known and unpatched vulnerabilities that occurs most frequently. This is particularly true when combined with opportunistic tactics by malicious actors, which enables the persistence of ransomware attacks.

While cutting-edge threats may capture public interest, it's essential not to overlook the critical importance of addressing known vulnerabilities promptly. Neglecting to patch these vulnerabilities can leave systems and networks vulnerable to exploitation, making them easy targets for cybercriminals seeking to deploy ransomware and other malicious activities. Therefore, proactive measures to identify and remediate known vulnerabilities remain paramount in fortifying cybersecurity defenses against prevalent threats. 

“Threat actors continue to find success with known and exploitable vulnerabilities that organizations have failed to patch or remediate successfully. These long-known vulnerabilities frequently cause more destruction than emerging threats,” said Satnam Narang, Senior Staff Research Engineer, at Tenable.

Even after the public disclosure of the Atlassian Confluence bug (CVE-2023-22518) in November 2023 and subsequent alerts regarding its exploitation for disseminating the C3RB3R Ransomware, 43% of assets were still susceptible as of January 23, 2024. On December 20, 2023, there was a surge in attempts from various IP addresses to exploit multiple Atlassian flaws, including CVE-2023-22515 and CVE-2023-22518. Despite these efforts, nearly half of the assets remain vulnerable to exploitation. 

"The key to keeping attackers at bay is organizations understanding the tactics, techniques, and procedures employed. By digesting existing knowledge of common breach scenarios and implementing preventive measures, organizations can mitigate such risks. Organizations should focus on identifying and rectifying vulnerabilities promptly and addressing common misconfigurations to bolster cyber hygiene, " said Narang.