Google and Microsoft accumulated the most vulnerabilities in H1 2021
Cybercriminals are constantly attempting to exploit vulnerabilities that affect as many people as possible to maximize their profit opportunities. While companies rush to fix flaws in their software with updates, users who forget to install the newest version can become prime targets for cyberattacks.
According to the recent Atlas VPN team findings, Google and Microsoft accumulated the most vulnerabilities in the first half of 2021. Although not all exposures can cause critical damage, hackers could exploit some of them for severe attacks.
The data is based on Telefonica Tech Cybersecurity Report 2021 H1. The report analyzes mobile security and the most common vulnerabilities in today’s cybersecurity landscape.
Google had 547 accumulated vulnerabilities throughout the first half of 2021. Exploiting Google products like Chrome is popular among cybercriminals. More than 3 billion people use the browser, meaning that more internet users can become victims of the exploits.
Next up, the second most exposures were found in Microsoft products — 432. State-sponsored threat actors from China abused Microsoft Exchange Server vulnerabilities to carry out ransomware attacks. Other attackers would drop cryptocurrency miners from the post-exploit web shells.
Oracle registered 316 total vulnerabilities in the first six months of 2021. Usually, the exploits are found in Oracle WebLogic Server, which functions as a platform for developing, deploying, and running enterprise Java-based applications. The exploited flaws could give access to the affected system for remote attackers.
Networking hardware company Cisco accumulated 200 vulnerabilities. Lastly, the producer of software for the management of business processes SAP had 118 exploits in total.
Vulnerability tiers
Some vulnerabilities stand out due to their particular relevance or danger. Exploits that can be turned into a severe attack get more attention from cybercriminals and companies themselves to fix the flaw as soon as possible.
In the first half of 2021, there were 1,023 vulnerabilities found with a risk tier of 10. One of the exploits that applied to such a tier is CVE-2021-22986, with a score of 9.8. The vulnerability was found in the security company’s F5, BIG-IP, and BIG-IQ services. Successful exploitation of the flaw allowed to take complete control of the system.
National Vulnerability Database (NVD) issued risk tier 9 to 927 vulnerabilities. At this tier, exploit CVE-2021-28111 stood out with a score of 8.8. The vulnerability was found in Draeger X-Dock gas detector firmware which stores embedded hard-coded credentials. By extracting and using the credentials, an attacker could execute an arbitrary code on the system.
NVD recorded most vulnerabilities at a risk tier of 8 — 2,164. A notable exploit was CVE-2021-24092, with a score of 7.8. The flaw was found in Windows Defender early this year, however, it had remained undiscovered for 12 years. An attacker using this vulnerability could escalate privileges from a non-administrator user.
Finally, NVD recorded 501 vulnerabilities at risk tier 7. While second-most vulnerabilities — 1,765 — were found at tier 6. Flaws given a lower score are either not dangerous or hardly exploitable.
Exploiting vulnerabilities in Google or Microsoft products allow cybercriminals to probe millions of systems. While the tech giants are doing a fair job of keeping up with exploits and constantly update their software, people and organizations need to follow suit and keep up with the updates to prevent further exploitation.
