The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published a joint advisory listing the ten most common cybersecurity misconfigurations their red and blue teams found while assessing the networks of large organizations.
The advisory also documents the tactics, techniques, and procedures (TTPs) that threat actors use to exploit each of these misconfigurations, with objectives ranging from reaching sensitive information to gaining control of vital systems.
The valuable insights presented in this report have been gathered through rigorous assessments and incident response activities conducted by the Red and Blue teams of both agencies. These evaluations span a wide spectrum, including the networks of the Department of Defense (DoD), Federal Civilian Executive Branch (FCEB), state, local, tribal, and territorial (SLTT) governments, as well as the private sector.
The findings from these assessments show how widespread a small set of misconfigurations is, starting with default configurations of software and applications, which include unchanged default credentials and overly permissive default service permissions.
Other notable misconfigurations include improper separation of user and administrator privilege, insufficient internal network monitoring, poor patch management, and bypasses of system access controls.
Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, emphasized the gravity of these misconfigurations, stating that they place every American at risk. The top ten misconfigurations highlighted by NSA and CISA’s teams are as follows:
As the joint advisory notes, these common misconfigurations point to systemic weaknesses in the networks of many large organizations, and it stresses that software manufacturers must adopt secure-by-design principles to reduce the risk of compromise.
NSA Cybersecurity Director Rob Joyce endorsed the call for proactive practices among software manufacturers, including building security controls into the product architecture from the earliest stages of development and maintaining them throughout the software development lifecycle.
The advisory further urges manufacturers to stop shipping default passwords, to design products so that the compromise of a single security control does not compromise the entire system, and to eliminate whole classes of vulnerabilities, for example by adopting memory-safe languages and by using parameterized queries instead of building database queries from untrusted input.
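To show concretely why the advisory singles out parameterized queries as a way to remove an entire vulnerability class, the following added example (not code from the advisory or the article) runs the same lookup written two ways against an in-memory SQLite database. The table, user names and the `lookup_*` function names are constructed for illustration.

```python
"""Added example: string-concatenated SQL beside its parameterized form.
Runs offline against an in-memory SQLite database seeded with constructed rows."""
import sqlite3

# Constructed sample data; the table and the users in it are hypothetical.
SAMPLE_USERS = [
    ("alice", "user"),
    ("bob", "admin"),
    ("carol", "user"),
]

# A classic tautology payload: closes the quoted literal and appends OR '1'='1'.
INJECTION = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable form: the caller-supplied text becomes part of the SQL grammar."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the driver binds the value, so it can never change the
    structure of the statement, whatever characters it contains."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run both forms with a normal name and with the injection payload."""
    conn = make_db()
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_injected": lookup_vulnerable(conn, INJECTION),
        "parameterized_normal": lookup_parameterized(conn, "alice"),
        "parameterized_injected": lookup_parameterized(conn, INJECTION),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the payload, the concatenated query becomes `... WHERE name = '' OR '1'='1'` and returns every row, including the admin account; the parameterized query compares the literal string `' OR '1'='1` against the name column and returns nothing. The fix is not input filtering but keeping data out of the query grammar entirely.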
Goldstein stressed the importance of mandating multifactor authentication (MFA) for privileged users and making it a standard practice, rather than an optional choice.
To counter these common misconfigurations, NSA and CISA advise network defenders to implement several recommended mitigation measures, including:
In addition to these measures, NSA and CISA encourage organizations to test and validate their security programs against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework, and to test their existing inventory of security controls to assess how well they perform against the ATT&CK techniques listed in the advisory.