Cybersecurity agencies in the United States, the United Kingdom, Canada, the Netherlands, and New Zealand warn that threat actors exploit poor security practices for initial access to victim environments.
Common techniques employed by adversaries looking to compromise a target system include exploitation of public-facing applications or external remote services, phishing, the use of valid credentials, and exploitation of trusted relationships.
Authorities in the five concerned countries have identified a series of weaknesses that malicious actors typically look to exploit in their attacks, which include improper security controls, weak configurations, and overall poor cybersecurity practices.
Environments susceptible to exploitation, they say, lack mandatory multi-factor authentication, have incorrectly applied privileges or permissions, use default configurations or default credentials, or run on software that is not kept up to date.
Unprotected remote access services, weak password policies, unprotected cloud services, open ports, and misconfigured services can also be targeted in malicious attacks.
Failure to detect phishing attempts and the lack of strong endpoint detection and response are also known causes of intrusion, the five nations say.
To ensure they are protected, organizations are advised to implement a zero-trust security model, limit the remote login of local administrators, control user access to resources, implement proper conditional access policies, and make sure that no system has open RDP ports.
Other measures should also help mitigate risks: implementing strong credential policies (such as enforcing multi-factor authentication, changing default credentials, and monitoring for compromised usernames and passwords), establishing log management and a configuration management program, employing anti-malware and endpoint detection tools, and keeping all software updated.
