The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have recently issued a plea to network defenders, urging them to address common misconfiguration errors that make organizations vulnerable to cyberattacks. These have been identified as the top 10 most common network misconfigurations by red and blue teams, as well as incident response teams from both agencies.
The first common misconfiguration highlighted by the agencies is default configurations of software and applications. Many organizations fail to change the default settings of their software and applications, making them easy targets for threat actors. By leaving these default configurations unchanged, organizations essentially provide a roadmap for hackers to exploit their systems.
The second common misconfiguration is the improper separation of user/administrator privilege. When user and administrator privileges are not properly separated, it becomes easier for threat actors to escalate their privileges and gain unauthorized access to sensitive data and systems.
Insufficient internal network monitoring is another common issue identified by the agencies. Without adequate monitoring in place, organizations may not detect suspicious activities or unauthorized access until it’s too late. This lack of visibility gives hackers the opportunity to infiltrate networks undetected and carry out their attacks.
The fourth misconfiguration highlighted by the agencies is the lack of network segmentation. Network segmentation plays a crucial role in reducing the impact of a cyberattack by limiting the lateral movement of hackers within a network. Without proper segmentation, threat actors can easily navigate through an organization’s systems and access sensitive data.
Poor patch management is also a significant concern. Organizations that fail to promptly apply patches for known vulnerabilities create opportunities for cybercriminals to exploit these weaknesses. Updating and patching software and applications is essential to prevent potential attackers from exploiting known vulnerabilities.
Bypass of system access controls is another misconfiguration that needs to be addressed. When system access controls can be easily bypassed, hackers can gain unauthorized access to critical systems and data. Organizations should implement robust access controls to limit unauthorized access and protect their resources.
Weak or misconfigured multifactor authentication (MFA) methods also rank among the top 10 misconfigurations. MFA adds an extra layer of security by requiring multiple credentials for authentication. However, if not properly implemented or configured, MFA can be easily bypassed by threat actors, rendering it ineffective in protecting sensitive information.
Insufficient access control lists (ACLs) on network shares and services is another common misconfiguration that organizations should address. Without proper ACLs, unauthorized users may gain access to network shares and services, potentially exposing sensitive data or compromising system integrity.
The ninth misconfiguration highlighted by the agencies is poor credential hygiene. Weak or easily guessable passwords, shared accounts, and failure to revoke access privileges for former employees all contribute to poor credential hygiene. These practices make it easier for hackers to compromise accounts and gain unauthorized access to critical systems.
The final misconfiguration identified is unrestricted code execution. Allowing code to execute without proper limits or restrictions creates an avenue for hackers to exploit vulnerabilities in the code and gain control of an organization’s systems.
The NSA and CISA emphasize that software providers play a crucial role in preventing these misconfigurations. They urge software providers to adopt secure-by-design principles, ensuring that their software and applications are inherently secure and resistant to common misconfigurations. By incorporating security measures into the design phase of software development, organizations can significantly reduce their vulnerability to cyberattacks.
“As America’s Cyber Defense Agency, CISA is charged with safeguarding our nation against ever-evolving cyber threats and to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day,” the advisory from the agencies states. “Ensuring software is secure by design will help keep every organization and every American more secure.”
In conclusion, organizations must prioritize the mitigation of common misconfigurations to enhance their cybersecurity posture. By addressing these issues, organizations can significantly reduce the risk of successful cyberattacks and protect their sensitive data and systems. Collaboration between network defenders, software providers, and cybersecurity agencies is crucial to creating a more secure digital environment.

