NSA and CISA Reveal Top 10 List – Security Misconfigurations
It is not news that most breaches are not caused by sophisticated attackers figuring out how to bypass robust defenses; they are caused by basic mistakes that nobody fixed.
For example, one of the largest breaches in the U.S., the 2017 Equifax breach, happened because Equifax failed to apply an available patch for a known vulnerability, even after DHS warned that the bug was under active exploitation.
With that in mind, here is the NSA and CISA top 10 list. It is drawn from the agencies’ red team engagements (simulated attacks) and blue team assessments (defensive reviews and hunts) on government and private-sector networks, so every item is something their teams have actually found and used.
- Default configurations of software and applications – for example, leaving default passwords or default service settings in place
- Improper separation of user and administrator permissions – letting users (and technical teams) do everyday work with elevated privileges means that when one of those accounts is compromised, the attacker inherits the admin rights too
- Insufficient internal network monitoring – what you don’t see on the inside, you cannot stop; logging at the perimeter alone does not reveal an attacker moving from host to host
- Lack of network segmentation – the best-known case is the Target breach, where the compromised credentials of a refrigeration and HVAC vendor let the attackers reach the point-of-sale systems, because nothing separated the vendor’s access from the payment network
- Poor patch management – see above, Equifax
- Bypass of system access controls – for example, reusing a stolen password hash (pass-the-hash) to authenticate without ever knowing the password; a control that can be sidestepped gives no protection
- Weak or misconfigured multi-factor authentication – attackers are good at getting around MFA (phishing one-time codes, push-notification fatigue, SIM swapping), so MFA that is not phishing-resistant or is not enforced everywhere won’t help much
- Insufficient access controls on network shares and services – if anyone on the network can read the data, so can an attacker who has landed on any host
- Poor credential hygiene – one of the most common passwords in breached-password lists is still 12345678, and reused or easily guessed passwords give attackers a free way in
- And, last, unrestricted software execution – without application allowlisting, attackers can run whatever malware or tooling they bring with them
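Several of the items above (improper privilege separation, insufficient internal monitoring, poor credential hygiene) show up in the same place: the authentication logs you are, or are not, looking at. The script below is an added illustration, not part of the NSA/CISA advisory or the original post. It runs two simple detections over constructed, simplified authentication records (the log format, host names, the `da-` admin-account prefix and the alert thresholds are all assumptions made for the example): an admin account logging on interactively to many endpoints, which is what lateral movement with over-privileged credentials looks like, and one source host failing logons against many different accounts, which is a password spray against weak credentials, followed by a check for which sprayed accounts then succeeded.

```python
"""Detection example over constructed authentication logs.

Added example, not code from the original post or from the NSA/CISA advisory.
Assumptions: a simplified key=value log format, a "da-" prefix on privileged
accounts, and arbitrary alert thresholds chosen for the sample data.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines (not real data). Fields: ts, user, src, dst, type, result.
SAMPLE_LOGS = """\
ts=2023-10-05T08:01:11 user=alice src=10.0.5.21 dst=WS-021 type=interactive result=success
ts=2023-10-05T08:02:40 user=svc-backup src=10.0.5.9 dst=FS-01 type=service result=success
ts=2023-10-05T08:03:02 user=da-admin src=10.0.9.4 dst=WS-021 type=interactive result=success
ts=2023-10-05T08:03:15 user=da-admin src=10.0.9.4 dst=WS-022 type=interactive result=success
ts=2023-10-05T08:03:29 user=da-admin src=10.0.9.4 dst=WS-023 type=interactive result=success
ts=2023-10-05T08:03:41 user=da-admin src=10.0.9.4 dst=WS-024 type=interactive result=success
ts=2023-10-05T08:10:00 user=bob src=10.0.7.77 dst=DC-01 type=network result=failure
ts=2023-10-05T08:10:01 user=carol src=10.0.7.77 dst=DC-01 type=network result=failure
ts=2023-10-05T08:10:02 user=dave src=10.0.7.77 dst=DC-01 type=network result=failure
ts=2023-10-05T08:10:03 user=erin src=10.0.7.77 dst=DC-01 type=network result=failure
ts=2023-10-05T08:10:04 user=frank src=10.0.7.77 dst=DC-01 type=network result=failure
ts=2023-10-05T08:10:05 user=grace src=10.0.7.77 dst=DC-01 type=network result=failure
ts=2023-10-05T08:11:00 user=bob src=10.0.7.77 dst=DC-01 type=network result=success
ts=2023-10-05T08:20:00 user=alice src=10.0.5.21 dst=DC-01 type=network result=failure
ts=2023-10-05T08:20:30 user=alice src=10.0.5.21 dst=DC-01 type=network result=success
"""

# Assumed naming convention: privileged accounts carry a "da-" (domain admin) prefix.
ADMIN_PREFIXES = ("da-",)
ADMIN_HOST_FANOUT = 3   # interactive admin logons to more than this many hosts -> alert
SPRAY_ACCOUNTS = 5      # failures against more than this many accounts from one source -> alert


@dataclass(frozen=True)
class Event:
    ts: str
    user: str
    src: str
    dst: str
    logon_type: str
    result: str


def parse_line(line):
    """Parse one key=value record into an Event (timestamps are ISO 8601, so they sort as text)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Event(fields["ts"], fields["user"], fields["src"], fields["dst"],
                 fields["type"], fields["result"])


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_admin(user):
    return user.lower().startswith(ADMIN_PREFIXES)


def admin_fanout(events, threshold=ADMIN_HOST_FANOUT):
    """Admin accounts with successful interactive logons to more than `threshold` distinct hosts."""
    hosts = defaultdict(set)
    for e in events:
        if e.result == "success" and e.logon_type == "interactive" and is_admin(e.user):
            hosts[e.user].add(e.dst)
    return {user: sorted(h) for user, h in hosts.items() if len(h) > threshold}


def password_spray(events, threshold=SPRAY_ACCOUNTS):
    """Source addresses with failed logons against more than `threshold` distinct accounts."""
    failed = defaultdict(set)
    for e in events:
        if e.result == "failure":
            failed[e.src].add(e.user)
    return {src: sorted(users) for src, users in failed.items() if len(users) > threshold}


def spray_followed_by_success(events, spray):
    """For each spraying source, the sprayed accounts that logged on successfully after the spray began."""
    hits = {}
    for src, users in spray.items():
        first_failure = min(e.ts for e in events if e.src == src and e.result == "failure")
        ok = sorted({e.user for e in events
                     if e.src == src and e.result == "success"
                     and e.user in users and e.ts > first_failure})
        if ok:
            hits[src] = ok
    return hits


def run(text=SAMPLE_LOGS):
    events = parse_logs(text)
    spray = password_spray(events)
    return {
        "admin_fanout": admin_fanout(events),
        "password_spray": spray,
        "spray_success": spray_followed_by_success(events, spray),
    }


if __name__ == "__main__":
    for name, findings in run().items():
        print(f"{name}: {findings}")
```

On the sample data the first rule flags `da-admin` for interactive logons to four workstations, and the second flags `10.0.7.77` for six failed accounts in as many seconds, with `bob` succeeding shortly after; the single failed then successful logon by `alice` stays below threshold. Thresholds this low are only right for the tiny sample; in production they are tuned per environment, and the point of the example is that none of these findings are visible unless internal authentication events are collected and correlated in the first place.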
If you think you may suffer from any of these and are not sure how to close the gap, please contact us.
Credit: Bleeping Computer