The Australian Cyber Security Centre (ACSC) has joined with cyber-security agencies in Canada, New Zealand, the United Kingdom and the United States to produce a joint Cyber-security Advisory (CSA).
The CSA outlines the top 15 Common Vulnerabilities and Exposures routinely exploited by malicious cyber actors in 2021.
Head of the ACSC, Abigail Bradshaw, said organisations should immediately protect themselves by implementing mitigations highlighted in the Advisory.
“Malicious cyber actors continue to exploit known and dated software vulnerabilities to attack private and public networks globally,” Ms Bradshaw said.
“The ACSC is committed to providing cyber-security advice and sharing threat information with our partners to ensure a safer online environment for everyone.”
She said that in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network servers.
“The top routinely-exploited vulnerability was Log4Shell, affecting Apache’s Log4j library,” Ms Bradshaw said.
“By submitting a specially-crafted request to a vulnerable system, an actor can take full system control. The Log4Shell vulnerability could allow malicious actors to steal information and launch ransomware on exploited systems.”
She said several vulnerabilities affecting Microsoft Exchange email servers also featured in the top 15.
“For most of the top exploited vulnerabilities, researchers or other actors released proof-of-concept code within two weeks of the vulnerability’s disclosure,” Ms Bradshaw said.
“This likely facilitated exploitation of these vulnerabilities by a broader range of malicious actors.”
She said Australian organisations should consider joining the ACSC’s free Partnership Program to receive and share the latest advice, insights and cyber threat intelligence with the Australian cyber-security community.