Multiple cybersecurity agencies published a joint cybersecurity advisory disclosing the top 10 initial access vectors of this year. The advisory has been issued by agencies from the U.S., New Zealand, Canada, the U.K., and the Netherlands.

What does it say?

The cybersecurity advisory states that threat actors abuse configurations that are misconfigured or left unsecured, along with weak controls and other poor cyber hygiene practices, to gain access to the target system. It delineates the top attack vectors used by most threat actors, including the ones they favor.

Top 10 attack vectors

  • Multi-factor Authentication (MFA) not properly implemented.
  • Incorrectly applied permissions or privileges and errors in access control lists.
  • Unpatched software.
  • Using default login credentials and vendor-supplied default configurations.
  • VPNs and other remote services lack adequate controls to stop unauthorized access.
  • Poor password hygiene, such as weak passwords. Threat actors can use a variety of tactics to exploit weak, compromised, or leaked passwords to gain initial access to systems.
  • Unprotected or poorly configured cloud services enable attackers to steal sensitive data and perform cryptojacking.
  • Misconfigured services or open ports exposed to the internet are the most common vulnerability findings.
  • Inability to identify or block phishing attacks.
  • Poor endpoint detection and response. Cybercriminals use obfuscated malicious scripts and PowerShell attacks to evade endpoint security controls.

What else?

  • Last month, Five Eyes cybersecurity authorities, in partnership with the NSA and the FBI, published a list of the top 15 vulnerabilities exploited by threat actors in 2021.
  • Some of them include Log4Shell, ProxyShell, ProxyLogon, and ZeroLogon.
  • Apart from the 15 listed in the advisory, other routinely exploited flaws are in Accellion FTA, Windows Print Spooler, and Pulse Connect Secure.

The bottom line

Cybercriminals will do anything and go to any length to breach a system and achieve their aims. The advisory lists a series of mitigation measures, such as adopting a zero-trust security model, implementing MFA, installing antivirus software, and maintaining a software and patch management system, among others, to stay safe from cyberattacks.

Cyware Publisher