"Weak Security Controls and Practices Routinely Exploited for Initial Access"

Cyber actors commonly exploit misconfigured or unsecured systems, weak controls, and other bad cyber hygiene practices to gain initial access or compromise a victim's system. A joint Cybersecurity Advisory co-authored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK identifies controls and practices commonly exploited by threat actors and includes best practices to mitigate these issues. According to the cybersecurity authorities, malicious actors commonly exploit public-facing applications, use external remote services, conduct phishing attacks, develop trusted relationships, and abuse credentials of valid accounts to gain initial access to victim networks. To strengthen their network defenses against commonly exploited weak security controls and practices, organizations are encouraged to adopt a zero-trust security model, limit the ability of a local administrator account, control who has access to their data and services, harden conditional access policies, and verify that all machines, including cloud-based virtual machine instances, do not have open Remote Desktop Protocol (RDP) ports. This article continues to discuss key points from the joint Cybersecurity Advisory regarding common weak security controls and recommended security practices that organizations should follow.

HSToday reports "Weak Security Controls and Practices Routinely Exploited for Initial Access"
