Unfortunately, there's no shortage of skilled cybercriminals these days: hackers who can throw everything but the kitchen sink at systems in order to get in.
What about the ones who don't have to?
Cybersecurity authorities in the U.S., along with those in the U.K., Canada, New Zealand, and the Netherlands, are reminding organizations this week to address weak security controls that can allow attackers to essentially waltz through an organization's back door, undetected.
By failing to strengthen security configurations from the get-go, or by leaving them poorly secured, organizations are doing attackers a favor: an easy access point that can be used to compromise systems immediately, or to carry out reconnaissance and exploit them at a later date.
In a report on Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) looked at ways attackers commonly gain access to networks, including through the exploitation of public-facing apps, external remote services, phishing, taking advantage of a trusted relationship, and abuse of existing, valid accounts.
It also flagged the following poor practices that enable attackers:
- Multifactor authentication (MFA) is not enforced
- Incorrectly applied privileges or permissions and errors within access control lists
- Software not up to date
- Use of vendor-supplied default configurations or default login usernames and passwords
- Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access
- Strong password policies are not implemented
- Cloud services are unprotected
- Open ports and misconfigured services are exposed to the internet
- Failure to detect or block phishing attempts
- Poor endpoint detection and response
CISA has a handful of recommendations for admins to implement, if they haven't already, to address these issues. Many are focused on tightening access controls, including adopting a zero-trust security model, limiting who has control over what data, and making sure machines don't have any open RDP ports.
Other recommendations include hardening credentials (see MFA), establishing centralized log management, and employing antivirus to prevent malware, along with endpoint detection and response and an intrusion detection system to aid visibility.
Organizations should also make sure there's a configuration management program in place, something that routinely verifies services and systems aren't exposed to the internet, along with a software and patch management program to keep things up to date.
While many of these tips aren't exactly new to defenders, especially those who work around the clock each day trying to remedy these issues, it's still a good primer, and a checklist for some, when it comes to safeguarding systems.