Federal authorities issue stark warning: Cybercriminals exploit trivial security issues
In a joint advisory, cybersecurity agencies from the Five Eyes countries – the United States, United Kingdom, Canada, Australia, and New Zealand – have warned organizations to tighten up security controls to prevent adversaries from gaining initial access to poorly protected IT systems.
The advisory highlights that nation-state and criminal actors are actively seeking private sector and government targets. These threat actors are known to target key industrial sectors, government agencies, and nonprofit groups doing humanitarian work.
The concern arises because many organizations leave systems exposed to the internet, fail to enforce multi-factor authentication (MFA), keep vendor-supplied default settings, or continue to run outdated software. Threat actors routinely exploit these configuration mistakes to compromise their victims, according to Gartner Research VP Peter Firstbrook.
The advisory therefore emphasizes enforcing MFA and keeping software patched as the controls that most directly deny initial access. This matters all the more with the growth of remote work, since threat actors are taking advantage of poorly secured remote access software and vulnerable virtual private networks (VPNs).
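The control failures listed above (exposed remote access without MFA, internal services reachable from the internet, vendor default credentials, out-of-date software) are easy to check for mechanically once an organization has an inventory. The following is an added example, not code from the advisory or any of the agencies that issued it: a small audit over a constructed inventory whose `Service` fields, default-credential list, version numbers and hostnames are all assumptions made for the illustration.

```python
"""Audit an asset inventory for the weak-control classes the advisory names.

Added example. The Service fields, the default-credential list and the sample
inventory are constructed for illustration and are not taken from the advisory.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Protocols that give an attacker an interactive foothold; exposing them to the
# internet without MFA is the pattern the advisory warns about.
REMOTE_ACCESS_KINDS = {"vpn", "rdp", "ssh", "citrix"}

# Services that should never be directly reachable from the internet.
INTERNAL_ONLY_KINDS = {"smb", "database", "mgmt-ui"}

# Constructed list of vendor default credentials. A real audit would use the
# product documentation or a maintained list rather than these three entries.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}


@dataclass(frozen=True)
class Service:
    host: str
    kind: str
    version: Tuple[int, ...]          # installed release, as a comparable tuple
    latest_version: Tuple[int, ...]   # current vendor release (constructed values)
    internet_facing: bool
    mfa_enforced: bool
    credentials: Tuple[str, str]      # (username, password) as configured


def audit_service(svc: Service) -> List[str]:
    """Return the advisory control failures found on one service."""
    findings: List[str] = []
    if svc.internet_facing and svc.kind in REMOTE_ACCESS_KINDS and not svc.mfa_enforced:
        findings.append("remote access exposed without MFA")
    if svc.internet_facing and svc.kind in INTERNAL_ONLY_KINDS:
        findings.append("internal service exposed to the internet")
    if svc.credentials in DEFAULT_CREDENTIALS:
        findings.append("vendor default credentials in use")
    if svc.version < svc.latest_version:   # tuple comparison: (9, 1) < (9, 2)
        findings.append("software out of date (%s < %s)" % (
            ".".join(map(str, svc.version)), ".".join(map(str, svc.latest_version))))
    return findings


def audit_inventory(inventory: List[Service]) -> Dict[str, List[str]]:
    """Map host -> findings; hosts with no findings are omitted."""
    report: Dict[str, List[str]] = {}
    for svc in inventory:
        findings = audit_service(svc)
        if findings:
            report.setdefault(svc.host, []).extend(findings)
    return report


# Constructed sample inventory: three weak hosts and one hardened VPN gateway.
SAMPLE_INVENTORY = [
    Service("vpn-gw-1", "vpn", (9, 1), (9, 2), True, False, ("jsmith", "Hunter2!")),
    Service("fileserver-2", "smb", (3, 1), (3, 1), True, True, ("svc-backup", "Xk7#pL2q")),
    Service("cam-dvr", "mgmt-ui", (1, 0), (1, 0), False, False, ("admin", "admin")),
    Service("vpn-gw-2", "vpn", (9, 2), (9, 2), True, True, ("jsmith", "Hunter2!")),
]

if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(host)
        for finding in findings:
            print("  -", finding)
```

The rules are deliberately coarse: the point is that each of the advisory's categories reduces to a yes/no question an inventory can answer, so the gap is usually the inventory, not the check.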
The advisory serves as a reminder for organizations operating internationally to strengthen their baseline cybersecurity practices at a time when nation-state and criminal actors are actively looking for private sector and government targets. It encourages corporate stakeholders to understand the risk calculus of their technology stacks and to ask the question: Are we a target?
Rob Joyce, director of cybersecurity at the NSA, said on Twitter earlier this week that there is no need for fancy zero-days when weak controls and misconfigurations let adversaries in.
The advisory comes in the wake of high-profile cyberattacks such as the 2021 ransomware attack against Colonial Pipeline, which began with a compromise of the company's IT network through a legacy VPN account that lacked MFA. Threat actors sympathetic to Russia and sophisticated state-linked actors have also been targeting the U.S. and its NATO allies since the beginning of the Ukraine war.
About 40% of breaches are caused by "well known misconfiguration of common controls," according to Gartner Research VP Peter Firstbrook. The advisory aims to help organizations address these common vulnerabilities and strengthen their defences against cyber threats.