Measuring the Global Impact of the NSA’s Top 25 Vulnerabilities Being Exploited In the Wild

By : Adi Ikan | Friday, October 30 2020 - 10:05 IWST

Adi Ikan - Network Research & Protection Group Manager, at Check Point Software Technologies (Photo by Linkedin)
Adi Ikan - Network Research & Protection Group Manager, at Check Point Software Technologies (Photo by Linkedin)

INDUSTRY.co.id - Check Point Software researchers show that on average, hackers exploited NSA’s top 25 vulnerabilities 7x more in the past 6 months compared to other vulnerabilities in 2020.

NSA’s list of top vulnerabilities were used to launch 3 million attacks in 2020, with 2.5 million of those attacks occurring in the last 6 months.

Attacks targeted 161 countries world-wide. Top 5 most attacked countries were USA, Germany, United Kingdom, Indonesia and the  Netherlands.

Highest attacked industry globally is the government/military sector (22.75% of all attacks).

Security researchers at Check Point conducted an analysis to highlight the severity of the 25 vulnerabilities outlined in US National Security Agency's (NSA) report. Their findings revealed that hackers exploited many of those 25 vulnerabilities listed in NSA’s report and that on average, those vulnerabilities were exploited 7 times more comparing to other vulnerabilities in 2020.

Deeper investigation showed that the exploited vulnerabilities were used to launch 3 million attacks in 2020, with 2.5 million of those attacks occurring in the last 6 months. Each of these attacks were thwarted by Check Point. Compared to other cyber security vendors, Check Point has the highest protection rate against the 25 vulnerabilities listed by the NSA.

Top 5 Most Attacked Countries via NSA’s 25

All in all, the attacks exploiting the top 25 vulnerabilities in NSA’s report targeted 161 countries worldwide. Check Point researchers ranked the top 5 attacked countries:

USA, Germany, United Kingdom, Indonesia, The Netherlands.

Attacks by Industry

The attacks documented in researchers’ analysis affected a range of industries globally in the last 6 months. In the United States, almost 30% of the attacks targeted Government/Military victims, which marks 31% more in comparison to the rest of the world.

Figure: Global distribution of affected industries

The NSA listed these 25 vulnerabilities for good reason: they’re very serious. Check Point decided to conduct an analysis to demonstrate the degree to which hackers have leaned on these vulnerabilities. The numbers behind the list are staggering. The fact, that on average, those vulnerabilities were exploited 7 times more compared to other vulnerabilities in 2020 shows how hackers focus their efforts around specific flaws that they know are widespread. Check Point thwarted over 3M attacks related to these vulnerabilities in 2020, and we have the highest protection rate for each of the 25 vulnerabilities outlined by the NSA.

It’s clear that hackers today are using more sophisticated ways to conduct severe attacks on networks, in order to create damage and disruption. In the run-up to the U.S. presidential election, if any election system uses any of these platforms, they could be a target for hackers, unless systems get patched. We strong urge organisations everywhere to implement patches for the 25 vulnerabilities outlined in NSA’s report – one by one.

Security Tips to keep your Organisation Safe

Patch your servers. We strongly recommend users to patch their servers in order to prevent the exploitation of such vulnerabilities. All 25 security bugs are well known and have patches available from their vendors, ready to be installed.

Use IPS. Intrusion Prevention System (IPS) prevents attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. Updated IPS helps your organisation stay protected.

Protect your endpoints. Conventional signature-based Anti-Virus is a highly efficient solution for preventing known attacks and should definitely be implemented in any organisation, as it protects against a majority of the malware attacks that an organisation faces. In addition, comprehensive endpoint protection at the highest security level is crucial in order to avoid security breaches and data compromises

News Comment

Today's Industry

Synopsys Software

Rabu, 13 Januari 2021 - 18:40 WIB

Synopsys Recognised as a Leader in Static Application Security Testing by Independent Research Firm

Synopsys receives highest score among 12 SAST providers in current offering category.

Electro-Balancer (E-Balancer)

Rabu, 13 Januari 2021 - 16:00 WIB

ZASCHE Handling Rolls Out New Range of Electric Balancers

the E-Balancer is a versatile tool suited for a broad range of heavy-duty industrial applications.

Ilustration Collaborative robots – or cobots (Photo by Robotic Industries Association)

Selasa, 29 Desember 2020 - 16:25 WIB

Universal Robots Reaches Industry Milestone with 50,000 Collaborative Robots Sold

Cobot market pioneer Universal Robots (UR) solidified its frontrunner position today by selling the 50,000th UR cobot, which was purchased by a German manufacturer to enable higher productivity…

MP200 ExtremeBevel

Rabu, 23 Desember 2020 - 14:05 WIB

Hypertherm Introduces Extreme Bevel Plasma Consumables for its MAXPRO200 Air and Oxygen Plasma System

The MAXPRO200 is a true workhorse for companies demanding great cut quality along with high productivity and low operating costs.

Australian Research Council (ARC) Discovery Project

Kamis, 17 Desember 2020 - 15:50 WIB

Silver Lining of Marine Paints

Now a new $445,000 Australian Research Council (ARC) Discovery Project (DP210101243) led by Flinders University College of Science and Engineering experts will expand research into finding better…