NSA, FBI, CISA and Allied Nations Joint Press Release on Cybersecurity Weaknesses
Agencies focused on cybersecurity in the US, the UK, Canada, New Zealand, and the Netherlands have jointly published an advisory “to raise awareness about the poor security configurations, weak controls and other poor network hygiene practices malicious cyber actors use to gain initial access to a victim’s system.” The document includes technical details about weak security controls, configurations, and security practices that are often exploited as well as suggested mitigations.
As is often the case, most of the recommendations have long been part of what is now the CIS Critical Controls, Implementation Group 1 and some of IG 2, and the same requirements have long been called out in the Australian “Essential 8.” If you are using security tools that provide those profiles, turn them on. If your tool does not support at least the Critical Security Controls, it is long past time to switch to one that does.
The recommendations are familiar, with the possible exception of zero trust, and before you roll your eyes, revisit these. The feasibility of implementing many things is changing, and it may now be feasible to roll out MFA, monitor for compromised credentials, check for default accounts, and implement secure configurations. Don't forget to check on incident detection and response as well as the threat intel sources needed to detect and respond to relevant threats and incidents.