The security agencies of five countries have outlined 10 of the most common ways threat actors compromise their victims, most of which can be mitigated by basic cyber-hygiene best practices.
The alert comes from the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands and the UK.
It focuses on weak security controls, poor configurations and sub-par security practices. Many of these relate to logins, including a lack of multi-factor authentication (MFA); use of default logins and usernames; an absence of strong password policies; and errors within access control lists.
Unpatched software is also listed, as is a lack of sufficient security controls applied to remote access services like VPNs. In many cases, MFA, firewalls and intrusion detection/prevention (IDS/IPS) are not applied to these systems, the alert claimed.
Misconfigured cloud services, open ports and misconfigured high-risk services such as SMB, RDP, Telnet and NetBIOS also pose a significant threat to organizations.
Finally, failures to detect and block phishing attempts and poor endpoint detection and response were highlighted as opening the door to attackers.
The security agencies advised organizations to take the following mitigation steps:
- Control access by adopting a zero trust model and other measures.
- Implement credential hardening, including MFA.
- Establish centralized log management to improve threat detection.
- Deploy anti-malware on workstations and regularly monitor scan results.
- Deploy detection tools on the endpoint, network and in the cloud, alongside vulnerability scanning.
- Maintain rigorous configuration management programs.
- Implement a software and patch management program.
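As an added illustration (not code from the article or the advisory), the following audit walks a constructed service inventory and flags the weak controls the alert names: exposed high-risk services (SMB, RDP, Telnet, NetBIOS), remote access without MFA, default credentials and unpatched software, pairing each finding with the matching mitigation from the list above. The inventory format, host names and field names are assumptions made up for this example.

```python
"""Exposure audit against the weak-control categories named in the joint advisory.

Added example, not part of the original article or the advisory. The inventory
format, host names and the mfa/default_credentials/patched fields are assumptions.
"""
from dataclasses import dataclass

# High-risk services the alert names, keyed by their conventional ports.
HIGH_RISK_PORTS = {445: "SMB", 3389: "RDP", 23: "Telnet",
                   137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS"}
# Remote access services the alert says routinely lack MFA and IDS/IPS coverage.
REMOTE_ACCESS = {"vpn", "rdp", "ssh"}


@dataclass
class Service:
    host: str
    port: int
    name: str
    internet_exposed: bool
    mfa: bool = False
    default_credentials: bool = False
    patched: bool = True


def audit(services):
    """Return (host, finding, mitigation) tuples for each weak control found."""
    findings = []
    for s in services:
        if s.internet_exposed and s.port in HIGH_RISK_PORTS:
            findings.append((s.host, f"{HIGH_RISK_PORTS[s.port]} exposed on port {s.port}",
                             "close the port or restrict it at the firewall"))
        if s.name.lower() in REMOTE_ACCESS and not s.mfa:
            findings.append((s.host, f"{s.name} without MFA", "enforce MFA on remote access"))
        if s.default_credentials:
            findings.append((s.host, f"{s.name} uses default credentials",
                             "change default logins and enforce a password policy"))
        if not s.patched:
            findings.append((s.host, f"{s.name} unpatched", "apply vendor patches"))
    return findings


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE = [
    Service("fileserver01", 445, "SMB", internet_exposed=True),
    Service("vpn-gw", 443, "VPN", internet_exposed=True, mfa=False, patched=False),
    Service("jump01", 3389, "RDP", internet_exposed=True, mfa=True),
    Service("printer", 23, "Telnet", internet_exposed=False, default_credentials=True),
    Service("web01", 443, "HTTPS", internet_exposed=True),
]

if __name__ == "__main__":
    for host, finding, mitigation in audit(SAMPLE):
        print(f"{host}: {finding} -> {mitigation}")
```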
Security experts welcomed the guidance. Mike Newman, CEO of My1Login, argued that it provides “great intelligence” for organizations.
“The advisory also highlights just how frequently weak passwords and user credentials appear in attacker exploits,” he added.
“Whether it be through exploiting default passwords, phishing, guessing insecure passwords, a failure to deploy MFA, or using stolen login credentials, passwords are clearly a key enabler behind several cyber-attack scenarios.”