Several federal agencies and international organizations on Wednesday warned organizations to protect themselves against common vulnerabilities that tend to be “frequently exploited by malicious cyber actors.”
The statement from the Cybersecurity and Infrastructure Security Agency urged organizations to manage and patch known exploited vulnerabilities, enable security features like multifactor authentication and use protective controls and architecture like securing networks and devices.
It was signed by CISA, the National Security Agency (NSA), the FBI and cyber security groups in Australia, Canada, New Zealand and the United Kingdom.
The advisory noted that the 15 leading vulnerabilities that cyber actors tend to seek out have previously been made public, but CISA Director Jen Easterly said that those weak points are areas that tend to be revisited by malicious actors.
“We know that malicious cyber actors go back to what works, which means they target these same critical software vulnerabilities and will continue to do so until companies and organizations address them,” Easterly said in a statement.
NSA cybersecurity director Rob Joyce added that “bad actors don’t need to develop sophisticated tools when they can just exploit publicly known vulnerabilities.”
Earlier this month, the group of agencies and international partners issued a statement regarding Russian cyber threats targeting critical infrastructure that could affect “organizations both within and beyond Ukraine.”
At the time, the statement said that the advisory was “the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.”