US, UK and Australia Issue Joint Cyber Security Advisory — FBI

The Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the UK National Cyber Security Centre (NCSC), and the Federal Bureau of Investigation (FBI) today released a Joint Cyber Security Advisory focusing on the top Common Vulnerabilities and Exposures (CVEs) that were routinely exploited by cyber actors in 2020 and the vulnerabilities that have been widely exploited so far in 2021 against public and private sector organizations around the world. Organizations are encouraged to apply the available patches for the 30 vulnerabilities listed in the Joint Cybersecurity Advisory and implement a centralized patch management system.

One of the key findings is that the four most targeted vulnerabilities in 2020 are related to remote work, VPN, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020, as the COVID-19 pandemic expanded remote work options and challenged the ability of organizations to perform strict patch management. In 2021, malicious cyber attackers continued to target vulnerabilities in perimeter-type devices. This advisory lists the vendors, products, and CVEs related to these vulnerabilities, which organizations need to patch urgently.

“In cybersecurity, understanding the basics is paramount. Organizations that apply cybersecurity best practices, such as patching, can mitigate the risk to cyber attackers who exploit known vulnerabilities in the network,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “Collaboration is an important part of CISA’s work, and today, in partnership with ACSC, NCSC, and the FBI, we emphasized cyber vulnerabilities that public and private organizations should prioritize for patching to minimize the risk of misuse by malicious attackers.”

Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre, said: “This guidance helps network defenders and organizations strengthen their collective defenses against cyber threats. It highlights ACSC’s and partner agencies’ determination to work with malicious cyber activities.”

“We are working with our allies to raise awareness of global cyber weaknesses and present easily viable solutions to mitigate them,” said Paul Chichester, NCSC’s Operations Director. “The advisory announced today gives all organizations the power to fix the most common vulnerabilities, including unpatched VPN gateway devices. Working with international partners, we will raise awareness of the threats posed by those who try to do harm.”

“The FBI continues to work on sharing information with public and private organizations to prevent malicious cyber attackers from exploiting the vulnerability,” said Bryan Vorndran, the FBI’s cyber assistant director. “We are confident that coordinating with federal and private sector partners will ensure a more secure cyber environment and reduce the chances of success for these parties.”

This advisory also points public and private sector partners to the support and resources available from the agencies and from other government and industry partners to mitigate and fix these vulnerabilities.

One of the most effective best practices for mitigating many vulnerabilities is to update software as soon as a patch is available and it is feasible to apply it. Focusing cyber defense resources on patching the vulnerabilities most frequently used by malicious cyber attackers must be rooted in the culture of all organizations. This approach not only enhances network security, but also offers the potential to prevent destructive operations by adversaries.

CISA, ACSC, NCSC, and the FBI recommend that organizations that have not yet fixed these vulnerabilities investigate for evidence of the intrusion described in this advisory. In the event of a breach, the organization must initiate an incident response and recovery plan.

For other common best practices for mitigating cyber threats, see the joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on technical approaches to the detection and remediation of malicious activity, and the ACSC Essential Eight mitigation strategies.

Joint recommendations can be found here.
