Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

National Cybersecurity Agencies Describe Commonly Used Initial Access Techniques

Cybersecurity agencies in the United States, the United Kingdom, Canada, the Netherlands, and New Zealand warn that threat actors exploit poor security practices for initial access to victim environments.

Cybersecurity agencies in the United States, the United Kingdom, Canada, the Netherlands, and New Zealand warn that threat actors exploit poor security practices for initial access to victim environments.

Common techniques employed by adversaries looking to compromise a target system include exploitation of public-facing applications or external remote services, phishing, the use of valid credentials, and exploitation of trusted relationships.

Authorities in the five concerned countries have identified a series of weaknesses that malicious actors typically look to exploit in their attacks, which include improper security controls, weak configurations, and overall poor cybersecurity practices.

Environments susceptible to exploitation, they say, lack mandatory multi-factor authentication, have incorrectly applied privileges or permissions, use default configurations or default credentials, or run on software that is not kept up to date.

Unprotected remote access services, weak password policies, unprotected cloud services, open ports, and misconfigured services can also be targeted in malicious attacks.

Failure to detect phishing attempts and the lack of strong endpoint detection and response are also known causes of intrusion, the five nations say.

To ensure they are protected, organizations are advised to implement a zero-trust security model, to limit the remote login of local administrators, control user access to resources, implement proper conditional access policies, and make sure that no system has open RDP ports.

Implementing strong credential policies – such as enforcing multi-factor authentication, changing default credentials, and monitoring for compromised usernames and passwords – establishing log management and a configuration management program, employing anti-malware and endpoint detection tools, and keeping all software updated should also help mitigate risks.

Related: NSA Publishes Best Practices for Improving Network Defenses

Related: NSA, CISA Issue Guidance on Selecting and Securing VPNs

Related: CISA Warns Critical Infrastructure Organizations of Foreign Influence Operations

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.