Microsoft Exchange bugs top list of exploited vulnerabilities affecting financial sector
Two bugs affecting Microsoft products topped a survey of exploited vulnerabilities being used to target the U.S. financial services sector, according to new research.
Researchers at the cybersecurity company LookingGlass examined public internet-facing assets from over 7 million IP addresses belonging to the sector in November 2022 – finding that a seven-year-old Remote Code Execution vulnerability affecting Microsoft Windows topped the list.
“It was interesting to see that our research detected CVE-2015-1635, a Remote Code Execution vulnerability affecting Microsoft Windows, over 900 times in the finance sector, but this vulnerability is seven years old,” said LookingGlass CEO and former CISA Assistant Director Bryan Ware.
“This goes to show that when hackers find a successful attack method, they continue to exploit it for years to come, particularly in highly advantageous industries like the financial sector.”
The next most common exploited vulnerability was CVE-2021-31206 affecting Microsoft Exchange Servers – one of the most popular bugs among cybercriminals and state-backed actors.
CISA and several other cybersecurity agencies around the world warned in September that Iranian military groups were exploiting the bug widely.
Several other Microsoft Exchange vulnerabilities made LookingGlass’ list, including CVE-2021-34523, CVE-2021-31207 and CVE-2021-34473 – known collectively as “ProxyShell.” They found the bugs exposed “almost 60 times in the sector” in November.
The report notes that the notorious Chinese government hacking group called HAFNIUM was exploiting CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 – other vulnerabilities affecting Microsoft Exchange.
“Across the U.S. financial sector, more than half of the vulnerabilities our platform detected reside in the insurance subsector, roughly a quarter fell under credit intermediaries, and about one in three of all vulnerabilities were carried over from third party services providers.”
The report notes that the insurance subsector is a primary target for criminal activity because of how much personal information and financial data it holds.
The U.S. Department of Treasury said in November that U.S. financial institutions absorbed nearly $1.2 billion in costs associated with ransomware attacks alone in 2021 – a nearly 200% increase over the previous year.
There were 1,489 reported incidents, compared to 487 in 2020, with researchers reporting that “ransomware continues to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public.”