Cybersecurity authorities from the US, UK, Canada, the Netherlands, and New Zealand have issued a joint security advisory describing initial access attack vectors most frequently used by cyber actors to breach victim networks.
“Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system,” the agencies said.
To gain initial access to victim networks, threat actors use various techniques, such as exploiting vulnerabilities in public-facing applications and external remote services, phishing, abusing trusted relationships, and using valid accounts.
The advisory highlights common weak security controls, poor configurations, and poor security practices that cyber actors abuse to breach victim networks. These are: the lack of multifactor authentication (MFA); incorrectly applied privileges or permissions; unpatched software; default configurations or default login usernames and passwords; unprotected remote services and cloud services; weak passwords; open ports and misconfigured services; failure to detect or block phishing attempts; poor endpoint detection and response.
To ensure their networks are sufficiently protected, organizations are advised to follow cybersecurity best practices, including implementing a zero-trust security model that enables granular privilege access management, so that users can be assigned only the rights required to perform their assigned tasks.