(PatriotWise.com) - The US Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and NSA, has compiled a list of the primary vulnerabilities that allow cyber attackers to exploit systems and how to prevent them.
The list describes the weak security controls, poor configurations, and poor security practices that are routinely exploited, and includes best practices to mitigate the problems.
Mitigation actions include such obvious suggestions as enabling multi-factor authentication (MFA) on key systems, steps that are prone to misconfiguration when implemented in complex IT environments.
Last year, Russian hackers disabled MFA for active domain accounts by combining a default policy shared by multiple MFA solutions and a Windows printer privilege escalation flaw. The hackers were then able to establish remote desktop protocol connections to Windows domain controllers.
The CISA alert notes that cyber attackers typically exploit public-facing applications and external remote services, and use phishing to get valid credentials and exploit valid accounts and trusted relationships.
CISA recommends that MFA be enforced for every user, especially since remote desktop protocol connections are the common means of launching ransomware attacks.
Proper enforcement of access control rules can be prevented by incorrectly applied privileges or permissions and errors in access control lists, giving unauthorized users access.
CISA also reiterates the importance of keeping software up to date but cautions against using vendor-supplied configurations or default usernames or passwords. While defaults may be seen as “user-friendly,” they are also “hacker-friendly,” as they are publicly available.
CISA warns that leaving defaults in place makes the system insecure, opening it up to malicious attacks, including installing malicious software and “gaining unauthorized access to information.”
To reduce the risk to remote services like VPNs, CISA recommends adding access control mechanisms like MFA. VPNs should also be placed behind a firewall, and IDS and IPS sensors should be used to detect any suspicious activity on the network.