Experts from Australia, the United States and United Kingdom have joined forces to issue an unprecedented warning to businesses exposed to hacks thanks to poorly equipped computer networks.

The increase in people working from home to prevent the spread of COVID-19 has resulted in more businesses using flawed software to help workers connect, leaving them prime for attack from cyber criminals and other nations seeking to wreak havoc.

An official warning that lists the top 30 ways online criminals are hacking into systems has been issued by the Australian Cyber Security Centre, the UK's National Cyber Security Centre (NCSC), the United States's Cybersecurity and Infrastructure Security Agency (CISA) and the US FBI.

During the pandemic, the most common forms have been through flaws in remote networks, virtual private networks (VPN) and cloud-based technologies, which are widely used by people working remotely.

The agencies issued their statement in a bid to help businesses better protect themselves from crippling attacks like Microsoft Exchange email server hack, which exposed tens of thousands of businesses to criminal exploitation.

"The advisory published today puts the power in every organisation's hand to fix the most common vulnerabilities, such as unpatched VPN gateway devices," Paul Chichester from the UK NCSC said in a statement.

“Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm."

What should businesses watch out for?

The joint cybersecurity advisory lists weak spots in popular software programs such as Microsoft, Atlassian and MobileIron programs as some of the top 30 vulnerabilities being exploited.

Organisations using Microsoft software were compromised earlier this year in a hack that exposed them to organised crime groups who used it for illicit gain.

While the threat is real, in some cases the solution is easy.

Organisations can avoid being hacked if they patch and update their systems, the advisory states, and its highly technical document provides details on exactly how to fix such problems.

The head of the Australian Cyber Security Centre Abigail Bradshaw said the decision to issue the warning is yet another attempt by security agencies to try and reduce online risks.

"Unless vulnerabilities are urgently addressed, malicious cyber actors will continue to use older known vulnerabilities affecting software used by many organisations including Microsoft Office, as long as they remain effective and systems remain unpatched," she said in a statement.

Businesses were also reminded that they should require employees to use multi-factor authentication to access work networks from home. 

Recently the Australian government joined an international coalition in accusing China of being behind the Microsoft Exchange email server hack.

The decision by the United States, Australia, Japan, New Zealand, Canada and the United Kingdom to essentially name and shame Beijing showed the size and impact of the attack. 

The federal government is attempting to pass legislation it says will help reduce the risk of cyber attacks, while there are growing calls for organisations to be compelled to report when they are hacked in an attempt to ensure similar cases don't happen again.

Story By | Stephanie Borys