Joint Cyber Security Advisory: Weak security controls and practices routinely exploited for initial access
New Zealand’s National Cyber Security Centre (NCSC) has issued a cyber security advisory in conjunction with CERT NZ and the cyber security authorities of the United States, Canada, the Netherlands, and the United Kingdom. The advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues.
Malicious cyber actors routinely exploit the following poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system:
- Multifactor authentication (MFA) is not enforced.
- Incorrectly applied privileges or permissions and errors within access control lists.
- Software is not up to date.
- Use of vendor-supplied default configurations or default login usernames and passwords.
- Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorised access.
- Strong password policies are not implemented.
- Cloud services are unprotected.
- Open ports and misconfigured services are exposed to the internet.
- Failure to detect or block phishing attempts.
- Poor endpoint detection and response.
The joint advisory suggests adhering to a range of practices that can help organisations to strengthen their network defences against commonly exploited weak security controls and practices. Suggestions include implementing credential hardening, strengthening access control, establishing centralised log management, employing detection tools and antivirus programmes, maintaining rigorous configuration management programmes, and initiating a software patch management programme.