<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
margin-top:0in;
margin-right:31.7pt;
margin-bottom:0in;
margin-left:0in;
text-autospace:none;
font-size:11.0pt;
font-family:"Franklin Gothic Book",sans-serif;}
p.paragraph, li.paragraph, div.paragraph
{mso-style-name:paragraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.normaltextrun
{mso-style-name:normaltextrun;}
span.contextualspellingandgrammarerror
{mso-style-name:contextualspellingandgrammarerror;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1002322406;
mso-list-template-ids:-284553714;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1312712132;
mso-list-type:hybrid;
mso-list-template-ids:-625991340 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="paragraph" style="mso-margin-top-alt:0in;margin-right:3.0pt;margin-bottom:0in;margin-left:0in;vertical-align:baseline">
<o:p> </o:p></p>
<p class="MsoNoSpacing"><span class="normaltextrun">The Cybersecurity and Infrastructure Security Agency (</span><a href="https://www.cisa.gov/" target="_blank"><span class="normaltextrun"><span style="color:blue">CISA</span></span></a><span class="normaltextrun">)
published </span><span class="contextualspellingandgrammarerror">a</span><span class="normaltextrun">
</span>joint Cybersecurity Advisory<span class="normaltextrun"> that identifies commonly exploited controls and practices used by cyber actors t</span><span style="color:black">o gain initial access or as part of other tactics to compromise a victims’ system.
<o:p></o:p></span></p>
<p class="MsoNoSpacing"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNoSpacing"><span class="normaltextrun">In partnership with the Federal Bureau of Investigation (</span><a href="https://www.fbi.gov/investigate/cyber" target="_blank"><span class="normaltextrun"><span style="color:blue">FBI</span></span></a><span class="normaltextrun">),
National Security Agency (</span><a href="https://www.nsa.gov/Cybersecurity/" target="_blank"><span class="normaltextrun"><span style="color:blue">NSA</span></span></a><span class="normaltextrun">), and international partners from the Canadian Centre for Cyber
Security (</span><a href="https://cyber.gc.ca/en/" target="_blank"><span class="normaltextrun"><span style="color:blue">CCCS</span></span></a><span class="normaltextrun">), New Zealand National Cyber Security Centre (</span><a href="https://www.gcsb.govt.nz/">NZ
NCSC</a><span class="normaltextrun">), </span>Computer Emergency Response Team New Zealand (<a href="https://www.cert.govt.nz/">CERT-NZ</a>), Netherlands National Cyber Security Centre (<a href="https://english.ncsc.nl/">NCSC-NL</a>), and
<span class="normaltextrun">United Kingdom’s National Cyber Security Centre (</span><a href="https://www.ncsc.gov.uk/" target="_blank"><span class="normaltextrun"><span style="color:blue">NCSC-UK</span></span></a><span class="normaltextrun">) it includes best
practices to mitigate the malicious tactics and weaknesses. <o:p></o:p></span></p>
<p class="MsoNoSpacing"><span class="normaltextrun"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline"><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">The CSA, “</span></span><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif"><a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-137a">Weak
Security Controls and Practices Routinely Exploited for Initial Access</a><span class="normaltextrun">”, provides several recommendations and technical details that organizations can take to reduce their risk of becoming a victim to malicious cyber activity,
such as: <o:p></o:p></span></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline"><o:p> </o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="paragraph" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span class="normaltextrun"><b><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Control access</span></b></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">, including<b>
</b>adopt a zero-trust security model that eliminates implicit trust in any one element, node, or service, and control who has access to your data and services.
</span><o:p></o:p></span></li><li class="paragraph" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span class="normaltextrun"><b><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Implement credential hardening</span></b></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">,
including apply multifactor authentication (MFA) on all virtual private network (VPN) connections, external-facing services, and privileged accounts.
</span></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></li><li class="paragraph" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span class="normaltextrun"><b><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Establish centralized log management</span></b></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">,
including ensure that each application and system generates sufficient log information.
</span></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></li><li class="paragraph" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span class="normaltextrun"><b><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Employ antivirus programs,
</span></b></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">including monitor antivirus scan results on a routine basis.
</span></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></li><li class="paragraph" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span class="normaltextrun"><b><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Use detection tools and search for vulnerabilities,
</span></b></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">including implement endpoint and detection response tools.
</span></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></li><li class="paragraph" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span class="normaltextrun"><b><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Maintain rigorous configuration management programs</span></b></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">,
including always operate services exposed on internet-accessible hosts with secure configuration.
</span></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></li><li class="paragraph" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span class="normaltextrun"><b><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Initiate a software and patch management program</span></b></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">,
including prioritize patching known exploited vulnerabilities. </span></span><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></li></ul>
<p class="MsoNoSpacing"><span class="normaltextrun"><o:p> </o:p></span></p>
<p class="MsoNoSpacing">Along with our interagency and international partners, CISA encourages all organizations to review t<span class="normaltextrun">he advisory for more details on the malicious actors’ commonly used techniques for initial access, recommended
practices, </span>and apply the recommended mitigations in this advisory. <o:p></o:p></p>
<p class="MsoNoSpacing"><o:p> </o:p></p>
<p class="MsoNoSpacing">In addition, we encourage all organizations to review CISA’s Shields Up webpage to find recommended guidance and actions for all organizations, corporate leaders and CEOs, steps to protect yourself and your family, and a technical webpage
with guidance from CISA and Joint Cyber Defense Collaborative (JCDC) industry partners.
<o:p></o:p></p>
<p class="MsoNoSpacing"><o:p> </o:p></p>
<p class="MsoNoSpacing">CISA and our partners are posting information about our joint advisory on their social media platforms. We appreciate you sharing this information and/or amplifying our social media with your community of followers.
<o:p></o:p></p>
<p class="MsoNoSpacing"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image002.png@01D869BD.65E6CE70"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNoSpacing"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>