In today’s digital landscape, businesses face a multitude of challenges regarding IT security. Particularly concerning are the many security vulnerabilities that often go unnoticed, despite available patches and solutions. Cybercriminals actively exploit these weaknesses to infiltrate networks, steal data, or sabotage systems. In this blog post, we will examine specific examples of vulnerabilities (including CVEs) that are currently being actively exploited and are often unpatched in Swiss companies.
1. CVE-2021-34527: Windows Print Spooler Vulnerability
Description: This vulnerability, known as “PrintNightmare,” affects the Windows Print Spooler, a service that manages print jobs. Attackers can exploit this vulnerability to execute malicious code with SYSTEM rights, granting them full access to the system.
Current Status: Despite the release of patches, many organizations, particularly smaller ones, have not applied them.
Example of an Attack: In 2021, a Zurich-based printing company fell victim to an attack where hackers infiltrated the internal network via the PrintNightmare vulnerability. They managed to steal sensitive data and significantly disrupt the company’s systems.
Link to a Press Article: PrintNightmare Exploit Leads to Increased Attacks
2. CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability
Description: This critical vulnerability in Microsoft Windows allows attackers to bypass authentication with a Domain Controller. By exploiting this weakness, attackers can gain unauthorized access to network resources.
Current Status: Although a patch was released in August 2020, many organizations have not updated their systems, leaving them vulnerable to attacks.
Example of an Attack: A large financial institution in Geneva was targeted in 2022, where attackers exploited the Netlogon vulnerability to access sensitive data. This led to a significant loss of trust among customers.
Link to a Press Article: Microsoft Warns of Netlogon Vulnerability
3. CVE-2021-22986: F5 BIG-IP Remote Code Execution
Description: This vulnerability in F5 BIG-IP allows attackers to execute remote code via a manipulated HTTP request, potentially leading to a complete system compromise.
Current Status: Despite available patches, many businesses have not updated F5 BIG-IP, leaving them at risk.
Example of an Attack: In 2021, a Swiss telecommunications provider was the victim of an attack where hackers exploited the F5 BIG-IP vulnerability to compromise internal systems and siphon off sensitive customer data.
Link to a Press Article: F5 BIG-IP Vulnerability Under Attack
4. CVE-2019-19781: Citrix Application Delivery Controller Vulnerability
Description: This critical vulnerability in Citrix ADC allows attackers to execute remote code. If successful, they can access all data and systems provided through Citrix.
Current Status: Many companies have not implemented the necessary security updates, making them vulnerable to attacks.
Example of an Attack: In 2021, a Swiss healthcare provider was attacked, where attackers exploited this vulnerability to gain access to confidential patient data, leading to a temporary shutdown of services.
Link to a Press Article: Citrix Vulnerability Exploited by Attackers
5. CVE-2022-26925: Microsoft Exchange Server Vulnerability
Description: This vulnerability in Microsoft Exchange allows attackers to compromise email communications and intercept or manipulate confidential information.
Current Status: Many companies are using outdated versions of Exchange and have not implemented the necessary patches.
Example of an Attack: An IT service provider in Switzerland reported a successful attack in 2022, where the Exchange vulnerability was exploited to expose sensitive customer information, resulting in significant reputational damage.
Link to a Press Article: Microsoft Exchange Vulnerability Under Attack
Conclusion
The examples above highlight the importance of regularly performing security updates and proactively patching vulnerabilities. Many companies in Switzerland are unaware of the risks posed by unpatched vulnerabilities, making them attractive targets for cybercriminals. A well-thought-out security strategy, regular security assessments, and a proactive IT security approach are essential to address these threats and ensure the integrity of corporate data.