Five Eyes Cybersecurity Agencies Release Top 10 Initial Access Vectors

What does it say?

Top 10 attack vectors

• Multi-factor Authentication (MFA) not properly implemented.
• Incorrectly applied permissions or privileges and errors in access control lists.
• Unpatched software.
• Using default login credentials and vendor-supplied default configurations.
• VPNs and other remote services lack adequate controls to stop unauthorized access.
• Proper password hygiene is not implemented, such as weak passwords. Threat actors can use a variety of tactics to exploit weak, compromised, or leaked passwords to gain initial access to systems.
• Unprotected or poorly configured cloud services enable attackers to steal sensitive data and perform cryptojacking.
• Misconfigured services or open ports exposed to the internet are the most common vulnerability findings.
• inability to identify or block phishing attacks.
• Poor endpoint detection and response. Cybercriminals use obfuscated malicious scripts and PowerShell attacks to evade endpoint security controls.

What else?

• Last month Five Eyes cybersecurity authorities, in partnership with the NSA and the FBI, published a list of the top 15 vulnerabilities exploited by threat actors in 2021.
• Some of them include Log4Shell, ProxyShell, ProxyLogon, and ZeroLogon.
• Apart from the 15 listed in the advisory, other routinely exploited flaws are in Accellion FTA, Windows PrintSpooler, and Pulse Connect Secure.

The bottom line