[CDP-development] CISA Releases Joint Cybersecurity Advisory Warning of Weak Cybersecurity Controls and Practices Routinely Exploited

Masse, Theresa theresa.masse at cisa.dhs.gov
Tue May 17 07:13:42 PDT 2022


FYSA



The Cybersecurity and Infrastructure Security Agency (CISA<https://www.cisa.gov/>) published a joint Cybersecurity Advisory that identifies commonly exploited controls and practices used by cyber actors to gain initial access or as part of other tactics to compromise a victim's system.



In partnership with the Federal Bureau of Investigation (FBI<https://www.fbi.gov/investigate/cyber>), National Security Agency (NSA<https://www.nsa.gov/Cybersecurity/>), and international partners from the Canadian Centre for Cyber Security (CCCS<https://cyber.gc.ca/en/>), New Zealand National Cyber Security Centre (NZ NCSC<https://www.gcsb.govt.nz/>), Computer Emergency Response Team New Zealand (CERT-NZ<https://www.cert.govt.nz/>), Netherlands National Cyber Security Centre (NCSC-NL<https://english.ncsc.nl/>), and United Kingdom's National Cyber Security Centre (NCSC-UK<https://www.ncsc.gov.uk/>), it includes best practices to mitigate the malicious tactics and weaknesses.



The CSA, "Weak Security Controls and Practices Routinely Exploited for Initial Access<https://www.cisa.gov/uscert/ncas/alerts/aa22-137a>", provides several recommendations and technical details that organizations can take to reduce their risk of becoming a victim to malicious cyber activity, such as:



  *   Control access, including adopting a zero-trust security model that eliminates implicit trust in any one element, node, or service, and controlling who has access to your data and services.
  *   Implement credential hardening, including applying multifactor authentication (MFA) on all virtual private network (VPN) connections, external-facing services, and privileged accounts.
  *   Establish centralized log management, including ensuring that each application and system generates sufficient log information.
  *   Employ antivirus programs, including monitoring antivirus scan results on a routine basis.
  *   Use detection tools and search for vulnerabilities, including implementing endpoint and detection response tools.
  *   Maintain rigorous configuration management programs, including always operating services exposed on internet-accessible hosts with secure configuration.
  *   Initiate a software and patch management program, including prioritizing patching known exploited vulnerabilities.



Along with our interagency and international partners, CISA encourages all organizations to review the advisory for more details on the malicious actors' commonly used techniques for initial access and on recommended practices, and to apply the recommended mitigations in this advisory.



In addition, we encourage all organizations to review CISA's Shields Up webpage to find recommended guidance and actions for all organizations, corporate leaders and CEOs, steps to protect yourself and your family, and a technical webpage with guidance from CISA and Joint Cyber Defense Collaborative (JCDC) industry partners.



CISA and our partners are posting information about our joint advisory on their social media platforms. We appreciate you sharing this information and/or amplifying our social media with your community of followers.



Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>
