In today's cyber threat environment, driven by economic conditions and by the heightened geopolitical tensions following Russia's invasion of Ukraine, cybersecurity has taken on renewed urgency.
The US Cybersecurity and Infrastructure Security Agency (CISA) and its peers around the world have created and issued a list of weak security controls, prioritizing the things companies and individuals can do to minimize threats to their systems. This list is published as Alert (AA22-137A).
- Multifactor authentication (MFA) is not enforced.
- Incorrectly applied privileges or permissions and errors within access control lists.
- Software is not up to date.
- Use of vendor-supplied default configurations or default login usernames and passwords.
- Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access.
- Strong password policies are not implemented.
- Cloud services are unprotected.
- Open ports and misconfigured services are exposed to the internet.
- Failure to detect or block phishing attempts.
- Poor endpoint detection and response.
MFA is becoming a prerequisite for insurance companies that provide coverage against damage caused by cyber attackers.
If your company has MFA implemented, none of the above can happen, since an attacker cannot access a compromised account without the code that is delivered via text message or a secondary email account.
Software is not up to date. Because of unpatched systems, even MFA was compromised. Last year, Russian hackers combined a default policy shared by multiple MFA solutions with a Windows printer privilege-escalation flaw to disable MFA for active domain accounts and then establish Remote Desktop Protocol (RDP) connections to Windows domain controllers.
Be sure to keep your computers and devices updated. Check and make sure Windows Update is running and apply updates when available.
Use of vendor-supplied default configurations or default login usernames and passwords. Routers, switches, printers and other devices are delivered with usernames and passwords meant to prevent access to the device and the underlying network. These credentials are the same for all of a manufacturer's products and are readily available via a Google search. Discover what your device's credentials are and change them. You can generally do this through a browser interface, using the IP or MAC address of the device.
Routers and equipment supplied by ISPs (internet service providers) are guilty of this as well. Comcast and AT&T devices have public IP addresses that can be used to access and exploit the device using these credentials. Linksys, Netgear and almost all consumer routers are guilty as well.
Strong passwords. Too many users take password policy lightly. Avoid using dates that coincide with life events, i.e. birthdays, anniversaries, etc. Do not use consecutive numbers, and once a strong password is established, avoid changing it by adding one to the number when it expires, for example, Zav98721 to Zav98722. Attackers and their algorithms are wise to this, and once a username and compromised password are on the dark web, an attacker will try this. For more info on creating strong passwords, see my previous blog post from March 7, 2022.
https://dforceatl.blogspot.com/2022/03/httpswwwcnbccom20220227most-common.html
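The password pitfalls described above (life-event dates, consecutive digits, and bumping the trailing number of an expired password) are the kind of thing a password-change filter can reject automatically. The following Python script is an added example, not code from the original post; the policy thresholds (12-character minimum, digit runs of 4) and the sample passwords are assumptions constructed for illustration, except for the post's own Zav98721 to Zav98722 case.

```python
"""Password-change checks for the pitfalls listed above (added example).

All inputs below are constructed for illustration; the policy thresholds
(minimum length 12, digit-run length 4) are assumptions, not the post's.
"""
import re
from datetime import datetime

MIN_LENGTH = 12          # assumed policy minimum
SEQUENTIAL_RUN = 4       # "1234" / "4321" and longer runs are rejected

# Digit-run lengths that can hold a date, and the day/month/year orders to try.
_DATE_FORMATS = {
    8: ("%m%d%Y", "%d%m%Y", "%Y%m%d"),
    6: ("%m%d%y", "%d%m%y", "%y%m%d"),
}


def is_trivial_variant(old: str, new: str) -> bool:
    """True when `new` is `old` with its trailing number changed
    (Zav98721 -> Zav98722), a case change, or `old` plus one or two
    appended characters."""
    if new.lower() == old.lower():
        return True
    old_stem = re.sub(r"\d+$", "", old)   # strip the trailing number
    new_stem = re.sub(r"\d+$", "", new)
    if old_stem and old_stem.lower() == new_stem.lower():
        return True
    return new.lower().startswith(old.lower()) and len(new) - len(old) <= 2


def has_sequential_digits(pw: str, run: int = SEQUENTIAL_RUN) -> bool:
    """True when any digit run contains `run` consecutive ascending or
    descending digits (1234, 9876, ...)."""
    for digits in re.findall(r"\d+", pw):
        for i in range(len(digits) - run + 1):
            window = [int(c) for c in digits[i:i + run]]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps == {1} or steps == {-1}:
                return True
    return False


def looks_like_date(pw: str) -> bool:
    """True when a 6- or 8-digit run parses as a plausible calendar date
    (a birthday or anniversary) in any common day/month/year order."""
    this_year = datetime.now().year
    for digits in re.findall(r"\d+", pw):
        for fmt in _DATE_FORMATS.get(len(digits), ()):
            try:
                parsed = datetime.strptime(digits, fmt)
            except ValueError:
                continue
            if 1900 <= parsed.year <= this_year:
                return True
    return False


def check_new_password(old: str, new: str) -> list[str]:
    """Return the policy violations for a proposed change (empty = accepted)."""
    reasons = []
    if len(new) < MIN_LENGTH:
        reasons.append("too short")
    if is_trivial_variant(old, new):
        reasons.append("trivial variant of previous password")
    if has_sequential_digits(new):
        reasons.append("contains sequential digits")
    if looks_like_date(new):
        reasons.append("contains a calendar date")
    return reasons


if __name__ == "__main__":
    # Constructed samples: the post's Zav98721 -> Zav98722 case plus two others.
    for old, new in [("Zav98721", "Zav98722"),
                     ("Mike03151985", "Mike03151985!"),
                     ("Zav98721", "copper-lantern-Orbit-41")]:
        print(f"{old!r} -> {new!r}: {check_new_password(old, new) or 'accepted'}")
```

Hooking a check like this into the password-change path (rather than only into a one-time audit) is what stops the "add one and resubmit" habit, because the old password is still available for comparison at that moment; a history of password hashes alone cannot detect the increment pattern.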
For more info on securing your computer and network environment, use the following link to the full article: