19 May 2022

Cybersecurity agencies release advisory on most common initial access attack vectors



Cybersecurity authorities from the US, UK, Canada, the Netherlands, and New Zealand have issued a joint security advisory describing initial access attack vectors most frequently used by cyber actors to breach victim networks.

“Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system,” the agencies said.

To gain initial access to victim networks, threat actors use various techniques, such as exploiting vulnerabilities in public-facing applications and external remote services, phishing, and abusing trusted relationships and valid accounts.

The advisory highlights common weak security controls, poor configurations, and poor security practices that cyber actors abuse to breach victim networks. These are: the lack of multifactor authentication (MFA); incorrectly applied privileges or permissions; unpatched software; default configurations or default login usernames and passwords; unprotected remote services and cloud services; weak passwords; open ports and misconfigured services; failure to detect or block phishing attempts; poor endpoint detection and response.

To ensure their networks are sufficiently protected, organizations are advised to follow cybersecurity best practices, including implementing a zero-trust security model that enables granular privilege access management, so that users can be assigned only the rights required to perform their assigned tasks.

