In a business driven by advances in technology, ZAG is committed to providing ongoing monitoring of emerging security threats that may affect our clients and, ultimately, the ability of these organizations to maintain profitability.
We are aware that cybercriminals will continue to develop new tactics, just as we continue to monitor and put new safeguards in place across our organizations. But it’s important that we share this information and educate our client base as new threat vectors are identified.
Here, we outline the most common ways that criminals penetrate networks:
MFA is not enforced. Multi-factor authentication (MFA), particularly for remote access, can prevent account takeovers.
The fix: All users should be required to use MFA across all access points to a company’s network. Implement controls on access levels for the company’s admin accounts to prevent additional risk.
Incorrectly applied privileges and errors with ACLs. These mistakes can undermine the enforcement of access control rules, allowing unauthorized access by users and/or attackers.
The fix: Review access privileges for all machines, including cloud-based services. Perform periodic user access reviews to ensure that least privilege is implemented.
Software not updated. This unfortunately remains one of the most common attack vectors, despite our awareness of these threats. Unpatched software may allow an attacker to exploit publicly known vulnerabilities to access systems.
The fix: Patch software as updates become available to help address vulnerabilities, establish a regular cadence for updating servers, and employ antivirus programs; identify and mitigate any unsupported or end-of-life devices.
Use of default configurations or passwords. Many devices are pre-configured with default administrator usernames, passwords, and security settings to simplify setup and customer support. However, leaving these credentials unchanged creates opportunities for malicious activity, as these default configurations are often publicly available and exploited.
The fix: Change default configurations to incorporate security best practices, maintain a configuration management program that continually assesses the business need for internet-facing services; never enable external access without compensating controls.
Insecure remote services. Improperly configured VPNs and firewalls can allow attackers to bypass controls for remote team member access.
The fix: Embrace the principle of least access, limit admin access mechanisms, and implement Zero Trust.
Weak passwords. Attackers can crack weak passwords in minutes to gain system access. This is a particularly severe threat in the absence of MFA protocols and best practices.
The fix: Set complex password requirements and enable MFA across all applications.
Cloud services are unprotected. Misconfigured cloud services can result in sensitive data theft.
The fix: Conduct regular audits of all cloud tenancies for security best practices, and extend SIEM / XDR / MDR solutions to the cloud environment.
Open ports and misconfigured services are exposed to the internet. Attackers use scanning tools to look for any weaknesses or open services that could give them an initial foothold in the environment. RDP, SMB, Telnet, and NetBIOS are particularly high-risk protocols.
The fix: Employ detection tools, search regularly for vulnerabilities, and close all unnecessary internet-facing ports on the firewall (RDP in particular).
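One way to turn several of the checks above (admin accounts without MFA, default credentials still in place, unsupported or stale software, and the high-risk ports just named) into a repeatable review of an asset inventory. This is an added example, not ZAG's own tooling; the inventory field names, the constructed sample hosts and the 30-day patch cadence are assumptions.

```python
from datetime import date

# Protocols the post singles out as high-risk when reachable from the internet.
HIGH_RISK_PORTS = {3389: "RDP", 445: "SMB", 23: "Telnet", 139: "NetBIOS"}
PATCH_SLA_DAYS = 30  # assumed patching cadence; tune to your own policy

# Constructed sample inventory; the field names are assumptions, not a real tool's schema.
INVENTORY = [
    {"host": "vpn-gw-01", "internet_facing": True, "open_ports": [443, 3389],
     "default_creds": False, "end_of_life": False, "last_patched": "2024-01-05",
     "admin_accounts": [{"user": "admin", "mfa": False}]},
    {"host": "file-srv-02", "internet_facing": False, "open_ports": [445, 139],
     "default_creds": True, "end_of_life": True, "last_patched": "2023-06-01",
     "admin_accounts": [{"user": "svc_backup", "mfa": True}]},
    {"host": "web-app-03", "internet_facing": True, "open_ports": [443],
     "default_creds": False, "end_of_life": False, "last_patched": "2024-02-20",
     "admin_accounts": [{"user": "ops", "mfa": True}]},
]

def audit_host(host, today_iso):
    """Return a list of (severity, finding) tuples for one inventory record."""
    today = date.fromisoformat(today_iso)
    findings = []
    # MFA not enforced: admin accounts without MFA, worse when the host is reachable remotely.
    for acct in host["admin_accounts"]:
        if not acct["mfa"]:
            sev = "high" if host["internet_facing"] else "medium"
            findings.append((sev, f"admin account {acct['user']} has no MFA"))
    # Default configurations or passwords still in place.
    if host["default_creds"]:
        findings.append(("high", "default credentials still in use"))
    # Software not updated: end-of-life, or last patched outside the cadence.
    if host["end_of_life"]:
        findings.append(("high", "unsupported / end-of-life software"))
    age = (today - date.fromisoformat(host["last_patched"])).days
    if age > PATCH_SLA_DAYS:
        findings.append(("medium", f"last patched {age} days ago (> {PATCH_SLA_DAYS})"))
    # High-risk ports: 'high' only when exposed to the internet, 'low' on internal hosts.
    for port in host["open_ports"]:
        if port in HIGH_RISK_PORTS:
            sev = "high" if host["internet_facing"] else "low"
            findings.append((sev, f"{HIGH_RISK_PORTS[port]} (tcp/{port}) open"))
    return findings

def audit(inventory, today_iso):
    """Map host name -> findings, omitting hosts with nothing to report."""
    return {h["host"]: f for h in inventory if (f := audit_host(h, today_iso))}

if __name__ == "__main__":
    for host, findings in audit(INVENTORY, "2024-03-01").items():
        for sev, text in findings:
            print(f"{host}: [{sev}] {text}")
```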
Failure to detect or block phishing attacks. Attackers use a variety of social engineering techniques to trick users into letting them into the environment.
The fix: One of the best ways to combat this is by implementing employee training and putting processes in place across the organization.
ZAG provides IT Security Review and Compliance guidance, consulting, and security reviews for clients and prospects interested in learning where they stand with regard to identifying and addressing vulnerabilities. Learn more here and let us help guide you on your IT security journey.