The advisory, co-authored by the US Cybersecurity and Infrastructure Security Agency (CISA), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI), in addition to the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), is the first time all four agencies have issued joint advice on cyber vulnerabilities of mutual concern.
A joint media release can be read here.
Since 2020, a range of malicious cyber actors including criminal syndicates operating worldwide have continued to target Australians, conducting cyber operations that threaten national, economic and security interests in the private sector and government, as well as Australian households.
The ASD's ACSC, CISA, the NCSC and FBI detail how malicious entities have quickly and routinely sought to exploit publicly known, and often dated, software vulnerabilities against a range of targets. It also notes that organisations can mitigate the vulnerabilities in the report by applying readily available patches to systems and implementing a centralised patch management system.
The advisory assesses that organisations and households have likely been exploited by malicious cyber actors through software flaws disclosed more recently in 2020, because of the expansion of remote work arrangements during the COVID-19 pandemic. Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud technologies.
In 2021, malicious cyber actors continued to target vulnerabilities in ‘network perimeter-type devices’ that often protect and separate the internet from internal company networks, the advisory says. Among those highly exploited in 2021 are vulnerabilities in Microsoft, Pulse, Accellion, VMware, and Fortinet software.
The ASD's ACSC, CISA, the NCSC and FBI assess that public and private organisations worldwide remain vulnerable to compromise from the exploitation of these cyber vulnerabilities, known as Common Vulnerabilities and Exposures (CVEs), unless they are urgently patched. Advice on patching is available on cyber.gov.au.