A recommendation issued jointly by the U.S., Canada, New Zealand, the Netherlands and the U.K. provides guidance on mitigating vulnerabilities and inadequate security configurations. Attackers regularly employ the same techniques to gain access to their victims’ networks. These include exploitation of Internet applications and external remote services, phishing, abuse of trust and the use of stolen credentials.
- Multifactor authentication (MFA) is not implemented. MFA, especially for remote desktop access, can help prevent account takeover.
- Incorrectly applied privileges or permissions and errors in access control lists. Access control rules can prevent unauthorized users or system processes from accessing documents.
- Unpatched software can allow an attacker to exploit publicly known vulnerabilities to gain access to confidential information, launch a denial-of-service attack, or take control of a system.
- Using default configurations or default usernames and passwords provided by the vendor. Many software and hardware products are shipped from the factory with overly permissive default configurations in order to make the products user-friendly and reduce time spent by customer service in troubleshooting.
- Remote services, such as a virtual private network (VPN), do not have sufficient controls to prevent unauthorized access. In recent years, malicious actors have been observed attacking remote services.
- Strict password policies are not implemented. Malicious cyber attackers use a variety of methods to exploit weak, leaked, or compromised passwords to gain unauthorized access to a victim system.
- Misconfigured cloud services are a common target for cyberattacks. Poor configurations can allow the theft of sensitive data and even cryptojacking.
- Open ports and misconfigured services are exposed to the Internet. This is one of the most commonly identified vulnerabilities. Attackers use scanning tools to detect open ports and often use them as the first attack vector.
- Attackers send emails with malicious macros – especially in Microsoft Word documents or Excel files – to infect computer systems through phishing.
- Cyber actors use obfuscated malicious scripts and PowerShell attacks to bypass endpoint security controls and launch attacks against targeted devices.