Cybersecurity agencies from the Five Eyes nations have outlined the 15 most exploited vulnerabilities of 2021.
Agencies from the United States, United Kingdom, Australia, New Zealand, and Canada said hackers were targeting public and private sectors and warned organisations to implement mitigation strategies.
Hackers can then steal information and launch ransomware attacks.
“We know that malicious cyber actors go back to what works, which means they target these same critical software vulnerabilities and will continue to do so until companies and organisations address them,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).
“This report should be a reminder to organisations that bad actors don’t need to develop sophisticated tools when they can just exploit publicly known vulnerabilities,” said Rob Joyce, cybersecurity director at the National Security Agency (NSA). Joyce encouraged organisations to “get a handle” on patches and mitigation.
Lisa Fong, director of the New Zealand Government Communications Security Bureau’s (GCSB) cybersecurity centre, said the “speed and scale” of malicious actors was increasing.
“This joint advisory underscores the importance of addressing vulnerabilities as they are disclosed,” she said.
The joint advisory was released by the United States’ CISA, NSA, Federal Bureau of Investigation, the UK’s National Cyber Security Centre, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, and New Zealand’s National Cyber Security Centre.
The agencies recommended regularly updating software, implementing a centralised patching system, implementing multi-factor authentication, ensuring remote employees had strong passwords, protecting controls and architecture, and encrypting network traffic.
Cybersecurity has become a more pervasive issue as the world becomes more interconnected, but the cost of monitoring and protecting against such threats has also ballooned.
“Ransomware has been, and will continue to be, a plague on organisations and insurers alike, across all industries and segments—equally challenging for small to medium enterprises, as well as large corporates and the public-government sector,” the AON report stated.
Organisations or individuals wishing to report any incidents should contact:
United States: CISA’s 24-7 Operations Center at [email protected] or (888) 282-0870, or an FBI field office.
Australia: ACSC’s 24-7 hotline on 1300 CYBER1 (1300 292 371), or via https://www.cyber.gov.au/acsc/report
Canada: https://www.cyber.gc.ca/en/incident-management
United Kingdom: https://report.ncsc.gov.uk/
New Zealand: https://www.ncsc.govt.nz/incidents/