Tuesday, Jun 14, 2022
BY: Team Nuspire
While cyber attackers are getting more sophisticated and regularly evolving their attack methods, they also appreciate an easy mark. Recently, the Cybersecurity & Infrastructure Security Agency (CISA) joined forces with cybersecurity authorities in Canada, New Zealand, the Netherlands and the United Kingdom to compile a list of the top cybersecurity weaknesses that bad actors like to exploit.
In this article, we’ll share the list and provide recommendations for the measures you can take to ensure you don’t become a victim of these popular attacks.
Weak multifactor authentication
By now, most companies use multifactor authentication (MFA), especially those with employees who work remotely. That’s because MFA is incredibly effective in hindering the bad guys’ efforts: it requires two or more methods of authentication before granting access, for example a password plus a one-time code sent to your smartphone.
However, if you have weak security controls and aren’t ensuring ALL employees use MFA, you’re opening yourself up for attack.
Apply MFA on all virtual private network (VPN) connections and any services that are external-facing. In places where MFA hasn’t been implemented, make sure you’ve instituted a rigorous password policy that prevents the use of weak passwords on your network.
Errors in assigning the correct access permissions
Everyone in your organization has different needs and requirements to do their job. Providing blanket access to systems and tools may make it easier for you to manage, but it also makes it easier for threat actors to break in.
Apply the concept of least privilege or role-based access controls, where your employees are only given access to systems and tools essential to their jobs.
Software that isn’t up to date
A mantra you may hear in the cybersecurity space is, “when in doubt, patch, patch and then patch some more.” That’s because cyber attackers are always testing software for vulnerabilities, and if you’re caught running an older version of software, you’re an easy target for things like data exfiltration, denial-of-service attacks or ransomware.
Institute a process where you evaluate your software regularly to ensure it’s up to date. Know which software is end-of-life or unsupported and run vulnerability scans to determine where to patch.
Using the default, “out of the box” security settings
“Factory default” might as well be renamed “attack me now,” because while it makes it easier for users to implement the software or hardware, it’s not secure. At all. In fact, sometimes the factory-default configurations are printed right on the device or available via an internet search.
This one’s a no-brainer: change or disable the default usernames and passwords. And when you do, make sure the password you use is a strong one. You can get tips for creating strong passwords here.
Weak security controls on remote services like VPN
Remote services are a popular target for threat actors because they often lack sufficient access controls to prevent unauthorized access. This issue has grown sharply as more people work from home.
MFA plays a big role in keeping remote services safe from malicious attacks. You can also implement a boundary firewall in front of the VPN and use an intrusion detection system/intrusion prevention system to identify anomalous network activity.
Lack of strong password policies
Passwords have been mentioned on this list multiple times, and for good reason. Despite years of learning about how easily a weak password can be exploited, we’re still seeing it as a favorite attack vector.
Weak, leaked or compromised passwords can be the death knell for your company’s security. Credential hardening, such as using MFA and implementing controls that prevent the use of unsound passwords, is one of the most effective ways to combat password-based attacks.
Unprotected cloud services
Cyber actors love attacking cloud services because they’re often misconfigured. This can lead to exfiltration of sensitive data and cryptojacking.
In addition to many of the recommendations cited above, look at the cloud service provider tools that can help you detect overshared cloud storage and monitor for abnormal accesses.
Open ports and misconfigured services exposed to the internet
This is a big one, and a vulnerability we see often. Malicious actors can use scanning tools to find open ports and use them as a way in. Once inside, these attackers can leverage their arsenal of TTPs (tactics, techniques and procedures) to wreak havoc among high-risk services like RDP, server message block (SMB), Telnet and NetBIOS.
No one should have external access to your services without controls in place like boundary firewalls and segmentation.
Susceptibility to phishing attempts
Phishing, whether it’s spear phishing, smishing, vishing or conversation hijacking, continues to be one of the most popular methods attackers use. Initial infection can happen in a variety of ways, such as clicking on a malicious link or downloading a Word document with malicious macros. According to Verizon’s 2021 Data Breach Investigations Report, phishing was present in 36% of all breaches.
Again, MFA is key here. Even if an employee gets tricked into revealing their password, MFA doesn’t grant access without a second category of evidence that verifies that employee’s identity. Since a human element plays a substantial role in phishing, security awareness training is something all companies should be doing – and doing on a regular basis (not just once per year as a “check the box” activity).
Insufficient endpoint detection and response (EDR) capabilities
Bad actors are very good at camouflaging their attacks to bypass endpoint security controls. Without sufficient EDR capabilities, businesses are sitting ducks for the next attack.
Deploy an EDR service within your network environment that includes robust log management. This will allow a high degree of visibility into your network, while also creating a record that gives you the valuable information you need to investigate. If your team isn’t large enough or equipped to manage these types of tools, you might want to connect with a managed security services provider to fill in the gaps.