Measuring the Global Impact of the NSA’s Top 25 Vulnerabilities Being Exploited In the Wild

By : Adi Ikan | Friday, October 30 2020 - 10:05 IWST

Adi Ikan - Network Research & Protection Group Manager, at Check Point Software Technologies (Photo by Linkedin)
Adi Ikan - Network Research & Protection Group Manager, at Check Point Software Technologies (Photo by Linkedin) - Check Point Software researchers show that on average, hackers exploited NSA’s top 25 vulnerabilities 7x more in the past 6 months compared to other vulnerabilities in 2020.

NSA’s list of top vulnerabilities were used to launch 3 million attacks in 2020, with 2.5 million of those attacks occurring in the last 6 months.

Attacks targeted 161 countries world-wide. Top 5 most attacked countries were USA, Germany, United Kingdom, Indonesia and the  Netherlands.

Highest attacked industry globally is the government/military sector (22.75% of all attacks).

Security researchers at Check Point conducted an analysis to highlight the severity of the 25 vulnerabilities outlined in US National Security Agency's (NSA) report. Their findings revealed that hackers exploited many of those 25 vulnerabilities listed in NSA’s report and that on average, those vulnerabilities were exploited 7 times more comparing to other vulnerabilities in 2020.

Deeper investigation showed that the exploited vulnerabilities were used to launch 3 million attacks in 2020, with 2.5 million of those attacks occurring in the last 6 months. Each of these attacks were thwarted by Check Point. Compared to other cyber security vendors, Check Point has the highest protection rate against the 25 vulnerabilities listed by the NSA.

Top 5 Most Attacked Countries via NSA’s 25

All in all, the attacks exploiting the top 25 vulnerabilities in NSA’s report targeted 161 countries worldwide. Check Point researchers ranked the top 5 attacked countries:

USA, Germany, United Kingdom, Indonesia, The Netherlands.

Attacks by Industry

The attacks documented in researchers’ analysis affected a range of industries globally in the last 6 months. In the United States, almost 30% of the attacks targeted Government/Military victims, which marks 31% more in comparison to the rest of the world.

Figure: Global distribution of affected industries

The NSA listed these 25 vulnerabilities for good reason: they’re very serious. Check Point decided to conduct an analysis to demonstrate the degree to which hackers have leaned on these vulnerabilities. The numbers behind the list are staggering. The fact, that on average, those vulnerabilities were exploited 7 times more compared to other vulnerabilities in 2020 shows how hackers focus their efforts around specific flaws that they know are widespread. Check Point thwarted over 3M attacks related to these vulnerabilities in 2020, and we have the highest protection rate for each of the 25 vulnerabilities outlined by the NSA.

It’s clear that hackers today are using more sophisticated ways to conduct severe attacks on networks, in order to create damage and disruption. In the run-up to the U.S. presidential election, if any election system uses any of these platforms, they could be a target for hackers, unless systems get patched. We strong urge organisations everywhere to implement patches for the 25 vulnerabilities outlined in NSA’s report – one by one.

Security Tips to keep your Organisation Safe

Patch your servers. We strongly recommend users to patch their servers in order to prevent the exploitation of such vulnerabilities. All 25 security bugs are well known and have patches available from their vendors, ready to be installed.

Use IPS. Intrusion Prevention System (IPS) prevents attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. Updated IPS helps your organisation stay protected.

Protect your endpoints. Conventional signature-based Anti-Virus is a highly efficient solution for preventing known attacks and should definitely be implemented in any organisation, as it protects against a majority of the malware attacks that an organisation faces. In addition, comprehensive endpoint protection at the highest security level is crucial in order to avoid security breaches and data compromises

News Comment

Today's Industry

TK Elevator’s Taiyuan Botanical Garden project in Shanxi, China

Senin, 06 Desember 2021 - 23:42 WIB

TK Elevator wins Elevator World ‘Project of the Year 2022’ award for moving walks

TK Elevator is pleased to once again receive Elevator World’s Project of the Year award. With its Taiyuan Botanical Garden project in Shanxi awarded “Project of the Year 2022” under the…

Announcing Strategic collaboration agreament between AWS and Metrodata

Rabu, 01 Desember 2021 - 19:38 WIB

Metrodata Collaborates with AWS to Help Indonesian Businesses Transform Using the Cloud

PT Metrodata Electronics Tbk (IDX: MTDL or "Metrodata"), an information and communication technology (ICT) company specializing in digital solutions and hardware and software distribution, announced…

Archipelago Hotel Group’s

Rabu, 01 Desember 2021 - 13:10 WIB

Archipelago International Selects Sabre To Open Up Its Distribution Strategy and Support Aggressive Global Growth Plans    

Sabre Corporation(NASDAQ: SABR), a leading software and technology provider that powers the global travel industry, today announced a new, long-term strategic relationship with Archipelago International…

President Jokowi heads to East Java province, Tuesday (30/11). (Photo by: BPMI/Laily Rachev)

Selasa, 30 November 2021 - 22:45 WIB

President Jokowi to Inaugurate Dams during E. Java Working Visit

President Joko “Jokowi” Widodo Tuesday (30/11) morning left for East Java province for a working visit.

PT Electrolux Indonesia MAKE IT LAST campaign and UltimateTaste range of kitchen products.

Selasa, 30 November 2021 - 22:10 WIB

Electrolux cooperates with Zero Waste Indonesia to launch Make It Last Campaign Sustainable Diet

Electrolux continues to promote sustainable eating through the MAKE IT LAST campaign. The company launched the UltimateTaste range of kitchen products to inspire consumers about better eating…