It should be hard for malicious hackers to break into systems, but all too often it isn't.
That's a takeaway from a joint cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the NSA and FBI, and their counterparts in Canada, New Zealand, the Netherlands, and the United Kingdom.
The advisory, which is titled "Weak Security Controls and Practices Routinely Exploited for Initial Access", explains that cybercriminals regularly exploit the poor security configuration of computer systems - whether it be because they're misconfigured or simply left unsecured in the first place. In addition, malicious hackers exploit weak controls and other poor practices "to gain initial access or as part of other tactics to compromise a victims’ system."
According to the report, just a small number of techniques are commonly used by attackers to compromise systems:
- Exploitation of a public-facing application. This is typically an internet-facing service, such as a website, with a weakness that can be exploited to cause unexpected behaviour.
- Exploitation of external remote services such as VPNs, and other methods of accessing the internal network from external locations.
- Leveraging trusted relationships. An attacker may have breached a partner organisation or service provider that has access to your organisation through a long-standing trusted relationship.
- Abuse of compromised credentials could allow an attacker to bypass access controls, and even breach restricted areas of the network.
These attacks often exploit situations where multi-factor authentication (MFA) has not been enforced, access control lists contain mistakes, software has not been updated, passwords are weak, and misconfigured services are exposed to the internet.
"As long as these security holes exist, malicious cyber actors will continue to exploit them," said NSA Cybersecurity Director Rob Joyce. "We encourage everyone to mitigate these weaknesses by implementing the recommended best practices."
So, what should you do? Fortunately, the advisory details what it says are the best practices to defend systems from these common attacks:
- Control access.
- Harden credentials.
- Establish centralized log management.
- Use anti-virus.
- Employ detection tools.
- Operate services exposed on internet-accessible hosts with secure configurations.
- Keep software updated.
This doesn't feel like rocket science. The advice has been shared year after year, often in the wake of high profile security breaches. And yet still many organisations are failing to properly follow these best practices to ensure that their systems are hardened against attack.
I can't believe that IT teams are not aware of them. In fact, I'm sure the vast majority of people working in the IT security community would strongly endorse these practices. Therefore, I'm left with the unnerving thought that the real problem is that security teams are working under such pressure, with insufficient resources, that sometimes even the easiest fixes are not being put in place.
Is it any wonder malicious hackers are finding it so easy to break into so many companies?
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.