Top Known Exploited Vulnerabilities in the financial sector.
Jan 10, 2023

LookingGlass details the most widespread vulnerabilities in US finance in a blog released this morning.

LookingGlass Cyber released a blog today explaining the most prevalent known exploited vulnerabilities present in the US financial sector in November of last year.

Insurance most heavily impacted subsector.

Over half of the vulnerabilities LookingGlass detected in November 2022 affected the insurance subsector, with approximately a quarter affecting credit intermediaries and a third resulting from third-party service providers. “The insurance subsector is a primary target for criminal activity as it hosts significant troves of PII and customer data, so it is noteworthy that this sector contains so many inferred open vulnerabilities compared to others in the financial services sector.”

Most prevalent KEVs in the sector.

The most commonly observed KEV in the US financial services sector was CVE-2015-1635. The seven-year-old remote code execution vulnerability is said to impact Windows and is still common in critical infrastructure today. “Successful exploitation of this vulnerability allows a remote attacker to cause a buffer overflow and potentially execute arbitrary code with system privileges. Inclusion in CISA’s KEV Catalog indicates that this vulnerability has been observed exploited in the wild, though we have no reporting to indicate the type of actor or attribution to a specific adversary at this time.”

The second most common was CVE-2021-31206, which impacts Microsoft Exchange Server. A CISA bulletin said it was potentially affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC), but the bulletin did not explicitly link the vulnerability to Iranian actors. Researchers say they observed this vulnerability open in the sector 700 times in November 2022.