Google and Microsoft accumulated the most vulnerabilities in the first half of 2021, according to findings from Atlas VPN. Although not all exposures can cause critical damage, hackers could exploit some of them for severe attacks.
Google had 547 accumulated vulnerabilities throughout the first half of 2021. Exploiting Google products like Chrome is popular among cybercriminals. More than 3 billion people use the browser, meaning that more internet users can become victims of the exploits.
Next up, the second most exposures were found in Microsoft products — 432. State-sponsored threat actors from China abused Microsoft Exchange Server vulnerabilities to carry out ransomware attacks. Other attackers would drop cryptocurrency miners from the post-exploit web shells.
Oracle registered 316 total vulnerabilities in the first six months of 2021. Usually, the exploits are found in Oracle WebLogic Server, which functions as a platform for developing, deploying, and running enterprise Java-based applications. The exploited flaws could give access to the affected system for remote attackers.
Some vulnerabilities stand out due to their particular relevance or danger. For example, in the first half of 2021, there were 1,023 vulnerabilities found with a risk level of 10. One of the exploits that applied to such a level is CVE-2021-22986, with a score of 9.8. The vulnerability was found in the security company’s F5, BIG-IP, and BIG-IQ services. Successful exploitation of the flaw allowed to take complete control of the system.
Vulnerabilities with lower scores are either not dangerous or hardly exploitable. However, abusing flaws in Google or Microsoft products allow cybercriminals to probe millions of systems.
The data is based on Telefonica Tech Cybersecurity Report 2021 H1. The report analyzes mobile security and the most common vulnerabilities in today’s cybersecurity landscape.
Read the full report by Atlas VPN.
