- The Cybersecurity and Infrastructure Security Agency (CISA) has released four new insights products.
- These products reflect insights from U.S. cyber intelligence and real-world incidents.
The four products — Mitigate DNS Infrastructure Tampering, Remediate Vulnerabilities for Internet-Accessible Systems, Secure High Value Assets, and Enhance Email and Web Security — provide threat descriptions, lessons learned, recommendations, and relevant resources.
Mitigate DNS Infrastructure Tampering
A DNS attack begins when the attacker compromises an account that can change DNS records.
- Altering DNS records enables not just traffic redirection but also decryption of the redirected traffic.
- CISA recommends reviewing DNS records, changing DNS passwords, adding multi-factor authentication to DNS accounts, and monitoring certificate transparency logs.
Remediate Vulnerabilities for Internet-Accessible Systems
Threat actors are exploiting vulnerabilities in internet-accessible systems more than ever. This insights product focuses on vulnerabilities in systems that are accessible over the public internet.
- Basic prevention methods include running a vulnerability scan at least weekly that covers all internet-accessible systems.
- It is recommended that critical vulnerabilities be patched within 15 days and high vulnerabilities within 30 days. If a patch cannot be rolled out within these timelines, an organization-wide plan for action and coordination must be in place.
Secure High Value Assets
According to CISA, “A High Value Asset (HVA) is information or an information system that is so critical to an organization that the loss or corruption of this information or loss of access to the system would have serious impact to the organization’s ability to perform its mission or conduct business.”
- Recommended actions include identifying and prioritizing HVAs, establishing an organization-wide HVA governance program, and developing an assessment approach based on HVA prioritization, among others.
- Identified risks or vulnerabilities must be patched within 30 days. If not, a remediation plan must be developed.
Enhance Email and Web Security
“Phishing emails and the use of unencrypted Hypertext Transfer Protocol (HTTP) remain persistent channels through which malicious actors can exploit vulnerabilities in an organization’s cybersecurity posture,” says CISA.
- Phishing email attacks can be prevented by setting a DMARC policy of ‘reject’ or implementing SPF/DKIM rules.
- It is recommended that organizations consider the deployment of HTTPS and HSTS to improve web security.
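
The DMARC and SPF recommendation above can be checked mechanically against a domain's published TXT records. The Python below is an added example, not code from CISA or the original article; the function names and the sample records on the reserved .example domain are constructed for illustration. It also inspects the DMARC sp and pct tags, which can weaken a 'reject' policy.

```python
# Added example (not CISA code): offline audit of DMARC and SPF TXT records.
# All sample records below are constructed and use the reserved .example TLD.

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_dmarc(record):
    """Return findings for a DMARC record; an empty list means full 'reject'."""
    if record is None:
        return ["no DMARC record published"]
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "missing").lower()
    if policy != "reject":
        findings.append(f"p={policy}: failing mail is not rejected")
    sp = tags.get("sp")  # optional policy override for subdomains
    if sp is not None and sp.lower() != "reject":
        findings.append(f"sp={sp.lower()}: subdomain mail is not rejected")
    pct = tags.get("pct", "100")  # share of mail the policy applies to
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of the mail")
    return findings

def audit_spf(record):
    """Return findings for an SPF record; an empty list means it ends in -all."""
    if record is None:
        return ["no SPF record published"]
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (v=spf1 missing)"]
    for term in terms[1:]:
        if term.lstrip("+-~?") == "all":
            return [] if term == "-all" else [f"{term}: unlisted senders are not hard-failed"]
    return ["no 'all' mechanism: audit any redirect= target or add -all"]

SAMPLE = {  # constructed TXT records, as a resolver would return them
    "good.example": ("v=DMARC1; p=reject; rua=mailto:d@good.example", "v=spf1 mx -all"),
    "weak.example": ("v=DMARC1; p=none; sp=none; pct=50", "v=spf1 include:_spf.weak.example ~all"),
    "bare.example": (None, None),
}

if __name__ == "__main__":
    for domain, (dmarc, spf) in SAMPLE.items():
        print(domain, audit_dmarc(dmarc) + audit_spf(spf) or ["ok"])
```

In practice the record strings would come from TXT lookups on `_dmarc.<domain>` and `<domain>`.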