Five Eyes Reveal Most Exploited Cyber Vulnerabilities for 2021

Five Eyes Reveal Most Exploited Cyber Vulnerabilities for 2021
An employee typing on a computer keyboard at the headquarters of Internet security giant Kaspersky in Moscow on Oct. 17, 2016. Kirill Kudryavtsev/AFP via Getty Images
Daniel Y. Teng
Updated:

Cybersecurity agencies from the Five Eyes nations have outlined the 15 most exploited vulnerabilities of 2021.

Agencies from the United States, United Kingdom, Australia, New Zealand, and Canada said hackers were targeting public and private sectors and warned organisations to implement mitigation strategies.

The most commonly exploited vulnerability was Log4Shell, which affects Apache’s Log4j library, and involves submitting a specially crafted request to a system that will then allow a cyber actor to take full control.

Hackers can then steal information and launch ransomware attacks.

“We know that malicious cyber actors go back to what works, which means they target these same critical software vulnerabilities and will continue to do so until companies and organisations address them,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).

“This report should be a reminder to organisations that bad actors don’t need to develop sophisticated tools when they can just exploit publicly known vulnerabilities,” said Rob Joyce, cybersecurity director at the National Security Agency (NSA). Joyce encouraged organisations to “get a handle” on patches and mitigation.

Lisa Fong, director of the New Zealand Government Communications Security Bureau’s (GCSB) cybersecurity centre said the “speed and scale” of malicious actors was increasing.

“This joint advisory underscores the importance of addressing vulnerabilities as they are disclosed,” she said.

The joint advisory was released by the United States’ CISA, NSA, Federal Bureau of Investigation, the UK’s National Cyber Security Centre, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, and New Zealand’s National Cyber Security Centre.

The agencies recommended regular updates of software, implementing a centralised patching system, implementing multi-factor authentication, ensuring remote employees had strong passwords, protecting controls and architecture, and encrypting network traffic.

Cybersecurity has become a more pervasive issue as the world becomes more interconnected but the cost of monitoring and protecting against such threats has also ballooned.

A February report found that the average cost of insurance to cover cybersecurity breaches spiked 113 percent in Australia from 2020 to 2021.

“Ransomware has been, and will continue to be, a plague on organisations and insurers alike, across all industries and segments—equally challenging for small to medium enterprises, as well as large corporates and the public-government sector,” the AON report stated.

Organisations or individuals wishing to report any incidents should contact:

United States: CISA’s 24-7 Operations Center at [email protected] or (888) 282-0870, or an FBI field office.

Australia: ACSC’s 24-7 hotline on 1300 CYBER1 (1300 292 371), or via https://www.cyber.gov.au/acsc/report

Canada: https://www.cyber.gc.ca/en/incident-management

United Kingdom: https://report.ncsc.gov.uk/

New Zealand: https://www.ncsc.govt.nz/incidents/

Daniel Y. Teng
Daniel Y. Teng
Writer
Daniel Y. Teng is based in Brisbane, Australia. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Got a tip? Contact him at [email protected].
twitter
Related Topics