In the ever-shifting landscape of cybersecurity, a powerful alliance between the Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency (NSA) aims to combat the relentless cyberthreats that organizations face. Together, they illuminate the common misconfigurations that plague organizations, offering invaluable recommendations to enhance your digital defenses. From weak passwords and outdated software to phishing and ransomware attacks, this article helps you navigate the most common pitfalls that can compromise your organization’s cybersecurity.
Top Cybersecurity Vulnerabilities You Can't Afford to Ignore
Default Software Configurations
The utilization of default settings can create weaknesses that hackers will easily exploit. Standard credentials, permissions and settings open gateways for unauthorized access. Cyberattackers are attracted to weak access controls and vulnerable default configurations.
Prevention Measures:
- Customize your default configurations of applications and devices before implementing.
- Refrain from default usernames and passwords, fortify ADCS configurations, scrutinize template permissions and question the necessity of LLMNR/NetBIOS.
User & Administrator Privilege Chaos
Administrators who assign multiple roles to a single account create a dangerous situation. A compromised account, hidden in plain sight, can wreak havoc if unnoticed.
Prevention Measures:
- Establish comprehensive authentication, authorization and accounting systems.
- Regularly audit user accounts to identify and remove any unnecessary accounts.
- Apply limits to privileged accounts and restrict administrator users.
- Control domain users in local admin groups, let non-admin accounts manage demonized apps and configure service accounts with only the essential permissions.
Inadequate Internal Network Monitoring
Failure to adequately monitor your network can conceal undetected compromises and hinder the timely identification of suspicious activity.
Prevention Measures:
- Establish benchmarks for your applications and services.
- Conduct regular audits to expose hidden access and usage, particularly for administrative activities.
- Develop a baseline that reflects normal traffic activity, network performance, host application activity and user behavior.
- Employ auditing tools capable of exposing privilege misuse and embrace a security information and event management system.
Missing Network Segmentation
Without proper network segmentation, malicious actors navigate freely, exposing your organization to ransomware and post-exploitation threats.
Prevention Measures:
- Adopt advanced firewalls that offer deep packet filtering, stateful inspection and application-level packet inspection.
- Erect barriers through segmented network engineering, blocking lateral movements within the network.
Weak Patch Management
Patch management addresses vulnerabilities present in your software and applications that could potentially be exploited by cyberattacks. Failing to effectively manage these patches increases your organization’s security risk.
Prevention Measures:
- Regularly update operating systems, browsers and software.
- Automate the update process, entrusting your defenses to vendor-provided updates.
- Segment networks to reduce the exposure of vulnerable systems and discontinue the use of unsupported hardware and software.
Bypassing System Access Controls
Intruders with malicious intent employ cunning tactics to gain unauthorized access to your system. They exploit alternate authentication methods such as pass-the-hash (PtH).
Prevention Measures:
- Limit identical credentials across different systems.
- Enforce PtH mitigations.
- Prevent domain users from local administrator groups.
Multifactor Authentication (MFA) Mishaps
Faulty MFA configurations can lead to the persistence of unaltered password hashes, opening the door to unrelenting cyberattacks. This presents a significant risk, as these password hashes can be exploited indefinitely as long as the account remains active. Specific types of MFA methods are susceptible to different attack vectors.
Prevention Measures:
- Address this risk in Windows environments; disable outdated authentication protocols.
- Embrace phishing-resistant MFA.
Access Control Lists (ACLs) Gone Wrong
Misconfigured access control lists (ACLs) can grant malicious actors access to sensitive or administrative data.
Prevention Measures:
- Ensure that storage devices and network shares are adequately secured.
- Restrict access to only authorized users, embracing the principle of least privilege.
- Impose restrictive permissions on sensitive files and folders.
Lackluster Credential Hygiene
Inadequate management of credentials increases the likelihood of threat actors successfully obtaining credentials for initial access, persistence, lateral movement and other subsequent malicious activities. Examples of poor credential hygiene include easy-to-crack passwords and cleartext password disclosure.
Prevention Measures:
- Adhere to the password policies outlined by the National Institute of Standards and Technology.
- Promote robust passwords and avoid reusing passwords across multiple systems.
- Utilize strong passphrases for private keys and to securely store hashed passwords.
Unrestricted Code Execution
Unverified programs are like ticking time bombs, with malicious actors waiting to unleash their harmful code.
Prevention Measures:
- Restrict the usage of applications downloaded from untrusted sources.
- Arm yourself with application control tools, imposing limits on scripting languages.
- Maintain vigilance and regularly analyze your border and host-level protections.
Additional Cybersecurity Mitigation Strategies
In addition to these measures, it’s strongly advised by both the CISA and NSA that organizations continuously exercise, test and validate their security programs in a real-world environment. Regular testing allows organizations to ensure that their security measures are effective and adaptable to emerging threats. Additionally, organizations can learn from the vulnerabilities and shortcomings experienced by others and quickly implement necessary mitigation strategies to protect their networks, sensitive data and critical operations.
Don’t become another cybersecurity statistic! Use our Ransomware Guide to help your organization understand ransomware incidents, implement prevention measures to lower risk and develop a response plan to minimize losses should an attack occur.
We’re Here to Help with Cyber Risk Management
The joint advisory issued by CISA and NSA provides valuable insights into prevalent cybersecurity misconfigurations and offers comprehensive strategies for mitigating these risks. By proactively addressing these pitfalls and adopting recommended best practices, organizations can strengthen their cybersecurity posture and defend against potential threats. Connect with a member of our team for additional cybersecurity risk management guidance.