Top 10 Vulnerabilities Most Searched on Google in 2020

Mar 1, 2021

Looking at the top 10 vulnerability search results in Google for 2020 is one way to shed light on what was interesting across the globe. Since Google is ubiquitous, this is a collective view of all searches. This includes those seeking information for taking action, those looking at risk and patch information, those who will look to exploit a vulnerability, and every variation in between. From the perspective of risk-based vulnerability management, a lot of nuggets of interest came to light in looking at what was popular in the Google 2020 search data.

What we discovered is that these top 10 vulnerabilities trended on Google for a reason and should be a priority for remediation if you have any open findings for them.

The Most Searched Vulnerability

CVE-2019-0708 is a remote code execution vulnerability in Remote Desktop Services (formerly known as Terminal Services) that is triggered when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.

  • By its nature, this vulnerability can be exploited to initiate remote code execution (RCE)
  • CVSS v3 Criticality of 9.8, RiskSense Vulnerability Risk Rating (VRR) puts it at 10.
  • It has 6 exploits; the most common exploit name is ‘BlueKeep’
  • It is currently active with the ransomware family DoppelPaymer
  • There has been an available patch for 647 days (as of Feb. 24th, 2021)

Weaponized and Large Attack Surface Potential

CVE-2017-0143 is an RCE vulnerability that exists in Windows Server 2012. From a recent Shodan scan, there are still nearly 300,000 openly visible computers running this software around the globe. This popular Microsoft operating system has an extended lifecycle date into 2023, so now is the time to consider upgrades or alternative systems based on this trending data.

Actively Tied to Ransomware

Seven of the top 10 vulnerabilities are associated with 24 ransomware strains as reported in this Spotlight Research Report: Ransomware 2021. Notable among them are Cerber, Petya, Ryuk, Locky, Wannacry, Samsa, and Satan.

CVE-2017-0143 and CVE-2017-11882 individually stand out within the top searched because they are associated with 10 and 8 ransomware strains respectively.

Notoriously Famous

CVE-2017-5638 is a vulnerability with RCE capabilities in Apache Struts. This vulnerability was used to breach Equifax and expose the personal information of 147 million people. Read more about this vulnerability than you would find on Google in this Spotlight Research Report: Apache Struts.

APT Group Association

Exploiting vulnerabilities is a growing tactic among APT Groups, which are taking a page from ransomware families in finding ways to infiltrate their targets. With research from CyberSecurity Works, here is how many of the top 10 searched vulnerabilities align with APT Groups and Nation-State affiliation.

| CVE | APT Group | Nation-State |
|---|---|---|
| CVE-2017-0143 | APT10 | Russia |
| CVE-2017-11882, CVE-2017-0199 | APT41 | China |
| CVE-2017-11882 | Cycldek | China |
| CVE-2017-0199 | Lazarus Group (APT37 & APT38) | North Korea |
| CVE-2017-11882 | OilRig (APT34) | Iran |

Common Bond of Having the Same CWE Weakness

Four out of the top ten vulnerabilities are categorized under CWE-20 (Improper input validation). While vulnerabilities are classified by vendors and products, we wanted to look at what common baseline trends our top 10 list reveals. In short, developers across vendors can significantly help by eliminating issues around CWE-20, improper input validation. Vulnerability and application security need to continuously scan and prioritize remediation more often during the software development lifecycle to prevent these issues. CWE-20 is one of the most common weaknesses, listed as #3 on the CWE Top 25 Dangerous Software Error Listing.

Full Listing of the Top 10 Most Searched Vulnerabilities on Google in 2020

CVE
CVE-2019-0708
CVE-2017-11882
CVE-2017-0199
CVE-2018-11776
CVE-2017-5638
CVE-2019-5544
CVE-2017-0143
CVE-2020-0549
CVE-2020-2555
CVE-2018-7600

Pen Tester/Exploit Writers Insights

It’s not always apparent why a CVE would be trending, but our Penetration Testing team wanted us to highlight the following, which caught their eye in the Top 10 Google vulnerability search results:

CVE-2019-5544 is an interesting vulnerability that exists in VMware products (ESXi, Enterprise Linux Desktop, Enterprise Linux Server Aus etc.). It is listed in the security advisory as a vulnerability with RCE capabilities and is tied to RansomExx Ransomware. Interestingly, this CVE is not used alone but is paired with another CVE (CVE-2020-3992). Chaining vulnerabilities is a speciality among ransomware families. This duo is a high concern because it has the potential to exploit virtual hard disks.

Another notable top result is CVE-2020-0549, a medium severity weakness that exists in Intel products and is capable of resurrecting private browsing history details, passwords etc. This vulnerability was widely searched because it was discovered in 2020 and it has one of the largest sets of potential targets, as it affects desktops, laptops, cloud computers, and physical servers that use Intel processor generations released from 2011 onwards.

Our pen testers, security analysts and our research partner Cyber Security Works all found various insights from this research. However, we know it’s harder to keep on top of all of the vulnerabilities within your organization, and there is a growing need to accelerate remediation because of ransomware threats. If you are interested in how RiskSense could in seconds show which vulnerabilities you should patch immediately, or how our solution enhances your current vulnerability management program, contact us at info@risksense.com.

RiskSense®, Inc. provides vulnerability management and remediation prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform delivers Risk-Based Vulnerability Management, Application Security Orchestration and Correlation, in addition to our Vulnerability Knowledge Base. These products bring insight to the wide views of vulnerability risk with adversarial threat-context and ties to ransomware. Vulnerability Risk Rating, threat analytics, and automated playbooks prioritize actions for critical security weaknesses, dramatically improving security and IT efficiency and the effectiveness of managing attack surface risk.