Cyber Liabilities Advisory Advocates Resilience

Uploaded on 2021-08-17 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

Government officials in the US, UK, and Australia are urging public, and private-sector organisations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits.

The Cybersecurity and Infrastructure Security Agency (CISA) has released a Joint Cyber Security Advisory highlighting the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber actors in 2020 and those vulnerabilities being widely exploited thus far in 2021.

“In 2020, cyber actors readily exploited recently disclosed vulnerabilities to compromise unpatched systems. Based on available data to the US Government, a majority of the top vulnerabilities targeted in 2020 were disclosed during the past two years... The rapid shift and increased use of remote work options, such as virtual private networks (VPNs) and cloud-based environments, likely placed additional burden on cyber defenders struggling to maintain and keep pace with routine software patching,” says the Report.

The FBI, one of the agencies involved in producing the report, said that malicious actors mostly targeted remote work, virtual private networks and cloud-based technologies, with many cyber weaknesses left unpatched. In particular, cyber criminals continue to focus on using  widely known,and often dated exploits and software vulnerabilities against a wide range of target victims, in  both the public and private sectors

One of the key findings is that four of the most targeted vulnerabilities in 2020 involved remote work, VPNs, or cloud-based technologies.

  • It’s recommended that organisations apply the available patches for the 30 vulnerabilities listed in the joint cybersecurity advisory and implement a centralised patch management system.
  • Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options due to the COVID-19 pandemic challenging the ability of organisations to conduct rigorous patch management.
  • In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. This advisory lists the vendors, products, and CVEs associated with these vulnerabilities, which organizations should urgently patch.

"In cyber security, getting the basics right is often most important. Organisations that apply the best practices of cyber security, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks... Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC, and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors." said Eric Goldstein, Assistant Director for Cybersecurity at CISA.

The Joint Advisory also directs public and private sector partners to the support and resources available to mitigate and remediate these vulnerabilities from each agency, as well as from other government and industry partners. One of the most effective best practices to mitigate many vulnerabilities is to update software once patches are available and as soon as is practicable.

Focusing cyber defense resources on patching those vulnerabilities that malicious cyber actors most often use should be ingrained in the culture of every organisation. This approach offers the potential of not only bolstering network security, but also impeding the disruptive, destructive operations of our adversaries.

CISA, ACSC, NCSC, and FBI encourage organisations that have not yet addressed these vulnerabilities to look out for indicators of the numerous compromises listed in this advisory and be ready to initiate incident response and recovery plans.

The Joint Advisory  lists 13 vulnerabilities discovered this year that are also being exploited in large numbers: 

  • Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE2021-27065
  • Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
  • Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104
  • VMware: CVE-2021-21985

The advisory provides technical details for each vulnerability, mitigation guidance, and indicators of compromise to help organisations determine if they’re vulnerable or have been hacked. The advisory also provides guidance for locking down systems.

CERT-CISA:       FBI:         CISA:      Ars Technica:      ZDNet:       Defence Connect:     Wired:

You Might Also Read: 

Missing Patches Place Security At Risk:

 

« Electronic Warfare Specialists On The Frontline
An AI Can File A Patent Application »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

Efecte

Efecte

Efecte is a Nordic SaaS company specialized in IT Service Management, Self-Service, Identity Management and Access Governance solutions.

TUV Sud

TUV Sud

TÜV SÜD is a leading technical service organisation. We specialize in testing, certification, auditing, training, and advisory services for different industries.

AllClear ID

AllClear ID

AllClear ID provides products and services that help protect people and their personal information from threats related to identity theft.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Propelo

Propelo

Propelo (formerly LevelOps) is an engineering excellence platform that helps increase developer productivity and improve security with data-led insights and workflow automation.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

AT&T Cybersecurity

AT&T Cybersecurity

AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, collaborative defense, security without the seams, and solutions that fit your business.