A joint advisory from agencies in the US, Canada, New Zealand, the Netherlands, and the UK revealed the top 10 attack vectors exploited by threat actors breaching networks.
Here they are:
- Multifactor authentication (MFA) is not enforced. MFA, particularly for remote desktop access, can help prevent account takeovers.
- Incorrectly applied privileges or permissions and errors within access control lists. These mistakes can prevent the enforcement of access control rules and could allow unauthorized users or system processes to be granted access to objects.
- Software is not up to date. Unpatched software may allow an attacker to exploit publicly known vulnerabilities to gain access to sensitive information, launch a denial-of-service attack, or take control of a system.
- Use of vendor-supplied default configurations or default login usernames and passwords. Many software and hardware products come “out of the box” with overly permissive factory-default configurations intended to make the products user-friendly and reduce the troubleshooting time for customer service.
- Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access. In recent years, malicious threat actors have been observed targeting remote services.
- Strong password policies are not implemented. Malicious cyber actors can use a myriad of methods to exploit weak, leaked, or compromised passwords and gain unauthorized access to a victim system.
- Cloud services are unprotected. Misconfigured cloud services are common targets for cyber actors. Poor configurations can allow for sensitive data theft and even cryptojacking.
- Open ports and misconfigured services are exposed to the internet. This is one of the most common vulnerability findings. Cyber actors use scanning tools to detect open ports and often use them as an initial attack vector.
- Failure to detect or block phishing attempts. Cyber actors send emails with malicious macros—primarily in Microsoft Word documents or Excel files—to infect computer systems.
- Poor endpoint detection and response. Cyber actors use obfuscated malicious scripts and PowerShell attacks to bypass endpoint security controls and launch attacks on target devices.
Why do we care?
This is essentially your checklist for “did I do the basics.” Nothing here is new. We only care because of the source of the publication: government agencies. It is simply a matter of time until this checklist becomes the complete list of enforceable requirements for insurance coverage, and the list of questions savvy lawyers ask when customers seek damages.

