FBI TLP White Joint Cyber Advisory: Weak Security Controls And Practices Routinely Exploited For Initial Access

May 17, 2022

SUMMARY

Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues.

This advisory was coauthored by the cybersecurity authorities of the United States,[1],[2],[3] Canada,[4] New Zealand,[5],[6] the Netherlands,[7] and the United Kingdom.[8]

TECHNICAL DETAILS

Malicious actors commonly use the following techniques to gain initial access to victim networks.[TA0001]

  • Exploit Public-Facing Application [T1190]
  • External Remote Services [T1133]
  • Phishing [T1566]
  • Trusted Relationship [T1199]
  • Valid Accounts [T1078]


Best Practices to Protect Your Systems

  • Control access.
  • Harden credentials.
  • Establish centralized log management.
  • Use antivirus solutions.
  • Employ detection tools.
  • Operate services exposed on internet-accessible hosts with secure configurations.
  • Keep software updated.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272