Measuring the Global Impact of the NSA’s Top 25 Vulnerabilities Being Exploited In the Wild

By : Adi Ikan | Friday, October 30 2020 - 10:05 IWST

Adi Ikan - Network Research & Protection Group Manager, at Check Point Software Technologies (Photo by Linkedin)
Adi Ikan - Network Research & Protection Group Manager, at Check Point Software Technologies (Photo by Linkedin)

INDUSTRY.co.id - Check Point Software researchers show that on average, hackers exploited NSA’s top 25 vulnerabilities 7x more in the past 6 months compared to other vulnerabilities in 2020.

NSA’s list of top vulnerabilities were used to launch 3 million attacks in 2020, with 2.5 million of those attacks occurring in the last 6 months.

Attacks targeted 161 countries world-wide. Top 5 most attacked countries were USA, Germany, United Kingdom, Indonesia and the  Netherlands.

Highest attacked industry globally is the government/military sector (22.75% of all attacks).

Security researchers at Check Point conducted an analysis to highlight the severity of the 25 vulnerabilities outlined in US National Security Agency's (NSA) report. Their findings revealed that hackers exploited many of those 25 vulnerabilities listed in NSA’s report and that on average, those vulnerabilities were exploited 7 times more comparing to other vulnerabilities in 2020.

Deeper investigation showed that the exploited vulnerabilities were used to launch 3 million attacks in 2020, with 2.5 million of those attacks occurring in the last 6 months. Each of these attacks were thwarted by Check Point. Compared to other cyber security vendors, Check Point has the highest protection rate against the 25 vulnerabilities listed by the NSA.

Top 5 Most Attacked Countries via NSA’s 25

All in all, the attacks exploiting the top 25 vulnerabilities in NSA’s report targeted 161 countries worldwide. Check Point researchers ranked the top 5 attacked countries:

USA, Germany, United Kingdom, Indonesia, The Netherlands.

Attacks by Industry

The attacks documented in researchers’ analysis affected a range of industries globally in the last 6 months. In the United States, almost 30% of the attacks targeted Government/Military victims, which marks 31% more in comparison to the rest of the world.

Figure: Global distribution of affected industries

The NSA listed these 25 vulnerabilities for good reason: they’re very serious. Check Point decided to conduct an analysis to demonstrate the degree to which hackers have leaned on these vulnerabilities. The numbers behind the list are staggering. The fact, that on average, those vulnerabilities were exploited 7 times more compared to other vulnerabilities in 2020 shows how hackers focus their efforts around specific flaws that they know are widespread. Check Point thwarted over 3M attacks related to these vulnerabilities in 2020, and we have the highest protection rate for each of the 25 vulnerabilities outlined by the NSA.

It’s clear that hackers today are using more sophisticated ways to conduct severe attacks on networks, in order to create damage and disruption. In the run-up to the U.S. presidential election, if any election system uses any of these platforms, they could be a target for hackers, unless systems get patched. We strong urge organisations everywhere to implement patches for the 25 vulnerabilities outlined in NSA’s report – one by one.

Security Tips to keep your Organisation Safe

Patch your servers. We strongly recommend users to patch their servers in order to prevent the exploitation of such vulnerabilities. All 25 security bugs are well known and have patches available from their vendors, ready to be installed.

Use IPS. Intrusion Prevention System (IPS) prevents attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. Updated IPS helps your organisation stay protected.

Protect your endpoints. Conventional signature-based Anti-Virus is a highly efficient solution for preventing known attacks and should definitely be implemented in any organisation, as it protects against a majority of the malware attacks that an organisation faces. In addition, comprehensive endpoint protection at the highest security level is crucial in order to avoid security breaches and data compromises

News Comment

Today's Industry

Ilustration Hackers (Photo by Microwire.info)

Jumat, 30 Oktober 2020 - 11:20 WIB

Organisations Paid Hackers US$23.5 Million for These 10 Vulnerabilities in One Year

HackerOne report reveals cross-site scripting, improper access control, and information disclosure top list of most common and impactful vulnerabilities.

Clean Earth Technologies (CET)

Jumat, 30 Oktober 2020 - 10:30 WIB

Clean Earth Technologies’ New Class Of Polymers Invented By Associate Professor, Justin Chalker, Receives Australian Pm’s New Innovator Award

Associate Professor Justin Chalker has invented a novel class of polymers synthesised directly from elemental sulphur which is a waste by-product of the petrochemical industry and renewable…

SMILE to Empower Smallholders

Kamis, 29 Oktober 2020 - 08:35 WIB

Kao Corporation, Apical & Asian Agri Join Hands to Empower Smallholders with SMILE Program

SMILE or the SMallholder Inclusion for better Livelihood & Empowerment program to help independent oil palm smallholders in Indonesia improve their yields, acquire international certification,…

Industrial Area Ilustration

Rabu, 28 Oktober 2020 - 08:40 WIB

CFLD Develop a Strategic Industrial Area which is Supported by Seven New Infrastructures

Segye ASEAN Forum 2020 which is a series of Indonesian and Korean Manufacturing Industry Partnership forum events held, was attended virtually by more than 500 executives from well-known manufacturing…

Hilton – Asia Pacific (Photo by Hilton Asia Pacific - Posts | Facebook)

Selasa, 27 Oktober 2020 - 15:40 WIB

Waldorf Astoria to Debut in Japan with Milestone Signing In Tokyo

Set to open in 2026, Waldorf Astoria Tokyo Nihonbashi to Offer Timeless Luxury and Unrivaled Service in Japan’s Cultural Capital.