Cybersecurity agencies in the United States, the United Kingdom, Canada, the Netherlands, and New Zealand warn that threat actors exploit poor security practices for initial access to victim environments.
Common techniques employed by adversaries looking to compromise a target system include exploitation of public-facing applications or external remote services, phishing, the use of valid credentials, and exploitation of trusted relationships.
Authorities in the five concerned countries have identified a series of weaknesses that malicious actors typically look to exploit in their attacks, which include improper security controls, weak configurations, and overall poor cybersecurity practices.
Environments susceptible to exploitation, they say, lack mandatory multi-factor authentication, have incorrectly applied privileges or permissions, use default configurations or default credentials, or run on software that is not kept up to date.
Unprotected remote access services, weak password policies, unprotected cloud services, open ports, and misconfigured services can also be targeted in malicious attacks.
Failure to detect phishing attempts and the lack of strong endpoint detection and response are also known causes of intrusion, the five nations say.
To ensure they are protected, organizations are advised to implement a zero-trust security model, to limit the remote login of local administrators, control user access to resources, implement proper conditional access policies, and make sure that no system has open RDP ports.
Implementing strong credential policies – such as enforcing multi-factor authentication, changing default credentials, and monitoring for compromised usernames and passwords – establishing log management and a configuration management program, employing anti-malware and endpoint detection tools, and keeping all software updated should also help mitigate risks.
Related: NSA Publishes Best Practices for Improving Network Defenses
Related: NSA, CISA Issue Guidance on Selecting and Securing VPNs
Related: CISA Warns Critical Infrastructure Organizations of Foreign Influence Operations