home Technology Cyber If it Ain’t Broke, Go Fix It- How Cybercriminals Keep Exploiting the...

If it Ain’t Broke, Go Fix It- How Cybercriminals Keep Exploiting the Same Old Vulnerabilities

Aug 10, 2023

This post is also available in: עברית (Hebrew)

Turns out that the old saying “if it ain’t broke- don’t fix it” does not apply to your company’s systems. It has been proven that cybercriminals worldwide are routinely exploiting over 40 common vulnerabilities in systems.

A new joint cybersecurity advisory report written by international cybersecurity agencies reveals that many cybercriminals use older software vulnerabilities more frequently than recently discovered ones, and their main target is unpatched internet-facing systems.

The report states that the proof-of-concept code for many software vulnerabilities or vulnerability chains is public and utilized by a broad range of malicious actors. Exploiting critical, widespread, and publicly known vulnerabilities gives cybercriminals low-cost, high-impact tools they can use for a few years because organizations are slow in patching their systems.

According to Cybernews, most of the success in exploiting known flaws can be achieved until two years after they were publicly disclosed, since their value gradually decreases as software is updated or upgraded.

The report states that “Malicious cyber actors likely prioritize developing exploits for severe and globally prevalent common vulnerabilities and exposures,” and adds that timely patching reduces the effectiveness of such attacks and pushes hackers to work harder.

The authoring agencies of the report recommend that developers and organizations identify their most exploited vulnerabilities, implement appropriate mitigations, follow appropriate secure software design and development practices, and improve their cybersecurity measures accordingly.

Furthermore, they include a list of all the fundamental practices of cybersecurity hygiene, which include: