The US National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint cyber security advisory that highlights the most common cyber security misconfigurations in large organizations and details the tactics, techniques, and procedures (TTPs) that actors use to exploit these misconfigurations.
Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the ten most common network misconfigurations as:
- Default configurations of software and applications
- Improper separation of user/administrator privilege
- Insufficient internal network monitoring
- Lack of network segmentation
- Poor patch management
- Bypass of system access controls
- Weak or misconfigured multifactor authentication (MFA) methods
- Insufficient access control lists (ACLs) on network shares and services
- Poor credential hygiene
- Unrestricted code execution
The advisory says that these misconfigurations illustrate a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders.