The 5 Vulnerabilities Hackers Utilised Most in 2020

According to Gartner, 99% of the vulnerabilities exploited by the end of 2020 were already known to security and IT professionals at the time of the incident. Taking care of them is tiresome, however: it takes 38 days to implement a patch, and 12,174 new common vulnerabilities and exposures (CVEs) were reported in the past year alone. Software vendors constantly publish patches to fix identified problems, but the users themselves are responsible for applying the updates. Failing to install them leaves a backdoor open for cybercriminals, who can use it for a breach.

“To enhance the chances of a successful attack, cybercriminals normally look for the weak links in software used by many people, namely, office programs or cloud services. Therefore, even the innocent-looking DOC or RTF file can be hazardous, providing it has a malicious piece of code. It is executed immediately after the user opens the file and consequences are unpredictable. The risk amplifies as people work remotely in the pandemic of course,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.

5 Vulnerabilities Attackers Leverage Most

Even though taking care of all the patches seems impossible, hackers leverage some vulnerabilities far more frequently than others, whether because of their scope, the potential damage, or the number of devices affected. Here are five of the most troublesome that IT security professionals have had to deal with in 2020.

  1. CVE-2012-0158. Despite being nearly a decade old, CVE-2012-0158 is still employed and remains among the top CVEs in 2020. It targets Microsoft products and is triggered when the user opens a malicious DOC or RTF file. The code can install malicious programs and has even been used against governments and officials, including a Canadian medical organisation that received a malicious RTF file from a spoofed World Health Organisation email address.

  2. CVE-2019-0604. One of the more recent vulnerabilities, affecting Microsoft SharePoint, a platform used for online file sharing and collaboration. An attacker who exploits CVE-2019-0604 can run code in the context of the SharePoint application pool and the SharePoint server farm account. This allows hackers to install a webshell and thereby access the system and even the internal network on which it resides, so more devices can be affected. Last year hackers used this vulnerability to breach the UN and access 400 GB of sensitive data.

  3. CVE-2020-4006. Just a few weeks ago the NSA released a Cybersecurity Advisory about Russian state-sponsored actors attempting to exploit CVE-2020-4006, a vulnerability affecting several VMware digital workspace products. With access to port 8443 and valid admin credentials, attackers could obtain unrestricted privileges on the underlying operating system. This security gap is dangerous because it is very recent and patches have only just started to roll out.

  4. CVE-2018-7600. Users shouldn’t forget to take security measures when using an external content management system (CMS). CVE-2018-7600 is believed to have affected hundreds of Drupal users. The vulnerability exists in Drupal 7.x and 8.x, and cybercriminals can leverage it to completely compromise a site. It was used to install cryptocurrency mining malware on unpatched Drupal websites.

  5. CVE-2019-19781. The vulnerability designated CVE-2019-19781 was exploited by both cybercriminals and nation-state hackers for ransomware attacks and espionage against organisations using Citrix server application and desktop virtualisation software. Among those attacked were Gedia Automotive Group, Bretagne Telecom and Conduent. Unauthenticated attackers were able to connect to the affected systems and execute arbitrary code on them.

Securing Remote Access

According to NordVPN Teams’ expert, “consistent patching and endpoint hardening is challenging due to the digital transformation and modern workforce evolution. Enterprises highlight the difficulty in patching systems belonging to mobile employees or remote offices. During the pandemic, the problems multiply, as more people work remotely”. To stay protected against cyber attacks, enterprises should take five steps to secure the organisation’s data from vulnerabilities:

  • Implement firewalls (including web application firewalls)
  • Administer multi-factor authentication
  • Ensure secure connections and strong passwords
  • Utilise intrusion detection systems
  • Constantly monitor and update web platforms

Additionally, cloud-based VPNs can be employed to encrypt data and add an extra security layer to the system. Where network segmentation is in place, employees can only access the systems needed to perform their job functions, while a fixed IP address reduces the surface area available for leveraging unpatched vulnerabilities.

Cybercriminals constantly scan digital products and services for weak links, and so do software producers and IT professionals. It is therefore wise to apply software updates as soon as they roll out and to regularly check the CVE database for fresh threats spotted around the globe.
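As an added example (not part of the article or of NordVPN Teams’ material), a small Python script that applies the article’s point that known, actively exploited CVEs should be patched first: it checks a constructed host inventory against the five CVEs above and ranks unpatched findings by how far past the article’s 38-day patch window they are. The product names, day counts and host names are constructed placeholders, not vendor data.

```python
from dataclasses import dataclass, field

# Constructed catalogue of the five CVEs named in the article, mapped to the
# product family the article associates with each and to an illustrative count
# of days since a vendor fix became available (placeholder values, not real data).
KNOWN_EXPLOITED = {
    "CVE-2012-0158": ("Microsoft Office", 3000),
    "CVE-2019-0604": ("Microsoft SharePoint", 600),
    "CVE-2020-4006": ("VMware Workspace", 10),
    "CVE-2018-7600": ("Drupal", 900),
    "CVE-2019-19781": ("Citrix", 30),
}

PATCH_SLA_DAYS = 38  # the article's figure for the time it takes to implement a patch


@dataclass
class Host:
    name: str
    product: str  # assumed to match a catalogue product name (real feeds use CPE strings)
    patched: set = field(default_factory=set)  # CVE ids already remediated on this host


def prioritise(hosts, catalogue=KNOWN_EXPLOITED, sla=PATCH_SLA_DAYS):
    """Return (host, cve, days_overdue) for each unpatched known-exploited CVE
    that applies to a host, most overdue first. Negative values mean the fix
    is still inside the SLA window and only needs scheduling."""
    findings = []
    for host in hosts:
        for cve, (product, days_available) in catalogue.items():
            if product == host.product and cve not in host.patched:
                findings.append((host.name, cve, days_available - sla))
    return sorted(findings, key=lambda f: f[2], reverse=True)


def overdue(hosts, **kw):
    """Only the findings that have already exceeded the patch SLA."""
    return [f for f in prioritise(hosts, **kw) if f[2] > 0]


# Constructed inventory: host names and patch state are made up for the demo.
SAMPLE_HOSTS = [
    Host("sp-01", "Microsoft SharePoint", {"CVE-2019-0604"}),
    Host("sp-02", "Microsoft SharePoint"),
    Host("cms-01", "Drupal"),
    Host("gw-01", "Citrix"),
    Host("ws-01", "VMware Workspace"),
]

if __name__ == "__main__":
    for name, cve, days in prioritise(SAMPLE_HOSTS):
        state = f"{days} days overdue" if days > 0 else f"due in {-days} days"
        print(f"{name:7} {cve:15} {state}")
```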