Microsoft Exchange and FortiOS flaws were the most sought after by cybercriminals.
Q4 2022 ReliaQuest vulnerability review.
ReliaQuest has published a report looking at the most commonly exploited types of vulnerabilities in the fourth quarter of 2022.
Memory corruption and privilege escalation lead the pack.
The two most exploited types of vulnerabilities were memory corruption and privilege escalation, each accounting for 21% of incidents. These were followed by type confusion at 16%, and remote code execution and information disclosure (both at 11%).
The researchers note that while many of the exploited vulnerabilities were low-severity, attackers frequently chain multiple vulnerabilities to carry out more serious attacks.
Criminals discuss vulnerabilities.
The researchers also found that the ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082) were the most commonly discussed on criminal forums. These were followed by vulnerabilities affecting Fortinet’s FortiOS (CVE-2022-40684 and CVE-2022-42475).
The researchers explain, “Cybercriminals are often quick to develop exploit codes following the disclosure of high-severity vulnerabilities, and they often will share these exploits for free on criminal forums. Following these disclosures, it is common to observe a rise in exploitation in the wild. We saw many instances of threat actors sharing PoCs in the past quarter. For example, on 21 Nov 2022, we identified a forum moderator on the popular Russian-speaking cybercriminal forum ‘XSS’ sharing a PoC for ProxyNotShell vulnerabilities. Whenever a PoC is not available, we also frequently observe cybercriminals making posts asking for exploits.”