Joint Cybersecurity Advisory Issued by U.S., U.K., and Australian Authorities

On July 28th, a Joint Cybersecurity Advisory was issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), in partnership with the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC). The advisory provides details on the top 30 vulnerabilities routinely exploited by malicious cyber actors in 2020, as well as those being widely exploited thus far in 2021.

One of the key findings is that four of the most targeted vulnerabilities in 2020 involved remote work, VPNs, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options due to the COVID-19 pandemic challenging the ability of organizations to conduct rigorous patch management. In 2021, malicious cyber actors continued to target such vulnerabilities.

In addition to outlining the most common attack vectors, including the specific vendors, products, and Common Vulnerabilities and Exposures (CVEs)  associated with the vulnerabilities, the advisory directs the public and private sector to the support and resources available to mitigate and remediate these vulnerabilities from each Agency, as well as from other government and industry partners.

You can read the full press release here and the advisory here.