Australia, UK and US issue joint cybersecurity advisory


The ACSC, UK’s NCSC and the US’s CISA and FBI have released a joint cybersecurity advisory that highlights the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber criminals in 2020-21. 

The ACSC, NCSC, CISA and FBI consider the vulnerabilities listed below to be the most regularly exploited CVEs during 2020: 

Vendor       CVE             Type
Citrix       CVE-2019-19781  arbitrary code execution
Pulse        CVE-2019-11510  arbitrary file reading
Fortinet     CVE-2018-13379  path traversal
F5 BIG-IP    CVE-2020-5902   remote code execution (RCE)
MobileIron   CVE-2020-15505  RCE
Microsoft    CVE-2017-11882  RCE
Atlassian    CVE-2019-11580  RCE
Drupal       CVE-2018-7600   RCE
Telerik      CVE-2019-18935  RCE
Microsoft    CVE-2019-0604   RCE
Microsoft    CVE-2020-0787   elevation of privilege
Netlogon     CVE-2020-1472   elevation of privilege

It was found that four of the most targeted vulnerabilities during this time involved remote work, VPNs, or cloud-based technologies.  

The rapid shift to remote work during the COVID-19 pandemic made it harder for organizations to conduct rigorous patch management. As a result, many VPN gateway devices remained unpatched throughout 2020, leaving them exposed to exploitation by cyber criminals. 

Meanwhile, cyber criminals continued to target vulnerabilities in perimeter devices in 2021. Among those most heavily exploited were vulnerabilities in products from Microsoft, Pulse, Accellion, VMware, and Fortinet. 

The advisory lists the vendors, products, and CVEs associated with these vulnerabilities so that organizations can urgently patch them. 

“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organizations should prioritize for patching to minimize the risk of being exploited by malicious actors,” CISA’s Executive Assistant Director for Cybersecurity Eric Goldstein said. 

“In cybersecurity, getting the basics right is often most important. Organizations that apply the best practices of cybersecurity, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks.” 

Head of the Australian Cyber Security Centre Abigail Bradshaw said the advisory is valuable as it allows network defenders and organisations to lift collective defences against cyber threats. 

“This advisory complements our advice available through cyber.gov.au and underscores the determination of the ACSC and our partner agencies to collaboratively combat malicious cyber activity,” Bradshaw said. 

The UK’s NCSC has expressed its commitment to working with allies to raise awareness of widely exploited weaknesses and to present easily actionable steps that organisations can take to mitigate the associated risks. 

“The advisory published today puts the power in every organisation’s hand to fix the most common vulnerabilities, such as unpatched VPN gateway devices. Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm,” NCSC’s Director of Operations Paul Chichester said. 

FBI’s Cyber Assistant Director Bryan Vorndran said the organisation will be sharing information with public and private organizations to prevent malicious cyber actors from exploiting vulnerabilities.  

“We firmly believe that coordination and collaboration with our federal and private sector partners will ensure a safer cyber environment to decrease the opportunity for these actors to succeed,” Assistant Director Vorndran said. 

One of the most effective ways to mitigate these CVEs is to apply vendor patches as soon as they are available and as soon as is practicable to deploy them. 

The advisory states that focusing cyber defence resources on patching these software vulnerabilities should be ingrained in the culture of every organization, as it bolsters network security and impedes the disruptive, destructive operations of cyber criminals. 

The joint advisory encourages organizations to investigate the presence of indicators of compromise in the software listed. If compromised, organizations should immediately initiate incident response and recovery plans. 

As cyber actors continue to exploit publicly-known and often dated software vulnerabilities against broad target sets worldwide, it is recommended that organizations apply the available patches for the vulnerabilities and implement a centralized patch management system. 

The advisory also outlines the support and resources available to agencies, governments and industry partners for mitigating and remediating the listed CVEs. 

 SOURCE: ACSC & CISA