16 January 2024

Top 15 Cybersecurity Vulnerabilities Revealed


The Australian Cyber Security Centre (ACSC) has released the key findings from a joint report with other cybersecurity authorities on the top 15 most routinely exploited cybersecurity vulnerabilities in 2021.

The Cybersecurity Advisory (CSA) shows that cybersecurity authorities have found that malicious actors aggressively targeted newly disclosed critical software vulnerabilities in 2021. These targets range across industries, with little discrimination between public and private sector organisations worldwide.

The most prominent of these vulnerabilities include Log4Shell, ProxyShell, ProxyLogon, and ZeroLogon.

At the same time, malicious cyber actors continued to use older, more publicly known software vulnerabilities across a broad spectrum of targets, although to a lesser extent. Three of the top 15 vulnerabilities recorded in 2021 were also regularly exploited in 2020. The CSA states:

Their continued exploitation indicates that many organisations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.

This exploitation of older vulnerabilities demonstrates that any organisation that uses software that no longer receives vendor support – or fails to patch software regularly – is putting itself at unnecessary risk.

Recommendations from the CSA

The CSA identified mitigation actions that can help reduce the risk and potential impact of a cybersecurity attack.

These recommendations focused on three key areas:

Vulnerability and Configuration Management

  • Update software, operating systems, applications, and firmware on IT network assets in a timely manner.
  • Use a centralised patch management system.
  • Replace software that is no longer supported by the vendor.
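As an added example that is not part of the advisory or this article, the Python script below turns the first and third bullets into a repeatable check over a software inventory: it flags assets whose vendor support has already ended (replace them), assets whose support ends within the next 90 days (plan the replacement), and assets where a newer vendor release exists but has not been applied within the patch window. The inventory records, host and product names, versions, dates, and the 14-day and 30-day patch windows are constructed assumptions for illustration, not values from the advisory.

```python
from datetime import date, timedelta

# Hypothetical patch policy for this example: internet-facing assets must be
# patched within 14 days of a vendor release, internal assets within 30 days.
SLA_DAYS = {"internet_facing": 14, "internal": 30}
EOL_WARNING_DAYS = 90  # warn when vendor support ends within this many days

# Reference day for the assessment (the article's publication date).
REFERENCE_DATE = date(2024, 1, 16)

# Constructed inventory: hosts, products, versions and dates are made up.
INVENTORY = [
    {"host": "web-01", "product": "ExampleWebServer", "installed": "2.4.1",
     "latest": "2.4.3", "latest_released": date(2023, 12, 20),
     "support_ends": date(2026, 6, 30), "exposure": "internet_facing"},
    {"host": "mail-01", "product": "ExampleMail", "installed": "7.0",
     "latest": "7.0", "latest_released": date(2023, 11, 2),
     "support_ends": date(2023, 10, 31), "exposure": "internet_facing"},
    {"host": "app-03", "product": "ExampleERP", "installed": "11.1",
     "latest": "11.2", "latest_released": date(2024, 1, 5),
     "support_ends": date(2024, 3, 1), "exposure": "internal"},
    {"host": "db-02", "product": "ExampleDB", "installed": "5.6",
     "latest": "5.6", "latest_released": date(2023, 9, 1),
     "support_ends": date(2027, 1, 1), "exposure": "internal"},
]


def assess_asset(asset, today):
    """Return the findings for one asset as a list of short finding codes."""
    findings = []
    if asset["support_ends"] < today:
        # The vendor no longer ships fixes for this software: replace it.
        findings.append("unsupported")
    elif asset["support_ends"] - today <= timedelta(days=EOL_WARNING_DAYS):
        # Support ends soon: schedule the replacement before fixes stop.
        findings.append("eol_soon")
    if asset["installed"] != asset["latest"]:
        # A newer vendor release exists; measure how long it has been waiting.
        age_days = (today - asset["latest_released"]).days
        if age_days > SLA_DAYS[asset["exposure"]]:
            findings.append("patch_overdue")
        else:
            findings.append("patch_pending")
    return findings


def assess_inventory(inventory, today):
    """Map each host to its findings; hosts with nothing to report are omitted."""
    report = {}
    for asset in inventory:
        findings = assess_asset(asset, today)
        if findings:
            report[asset["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in sorted(assess_inventory(INVENTORY, REFERENCE_DATE).items()):
        print(f"{host}: {', '.join(findings)}")
```

Feeding the script a real inventory export (from a centralised patch management system, for instance) and running it on a schedule gives the "timely manner" bullet a measurable definition: every host listed under `patch_overdue` or `unsupported` is a breach of the stated policy rather than a judgement call.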

Identity and Access Management

  • Enforce multi-factor authentication (MFA) for all users.
  • Enforce MFA on all VPN connections.
  • Review, validate, or remove privileged accounts at least annually.
  • Configure access control according to the principle of least privilege.

Protective Controls and Architecture

  • Properly configure and secure internet-facing network devices, disable unused or unnecessary network ports and protocols, encrypt network traffic, and disable unused network services and devices.
  • Segment networks to limit or block lateral movement by controlling access to applications, devices, and databases.
  • Continuously monitor the attack surface and investigate abnormal activity that may indicate lateral movement of a threat actor or malware.
  • Reduce third-party applications and unique system or application builds.
  • Implement application allow-listing.

Organisations that are unable to perform rapid scanning and patching of internet-facing systems should consider moving these services to mature, reputable cloud service providers (CSPs) or other managed service providers (MSPs).

The CSA also encourages organisations to apply the basic recommendations included in the advisory. These mitigations include applying timely patches to systems and implementing a centralised patch management system to reduce the risk of compromise by malicious cyber actors.

You can find these actions and more in the ACSC’s Essential Eight and the NIST Cybersecurity Framework.

Writing the CSA involved leading cybersecurity authorities, including the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).
