“Tight security starts with the right settings” 10 examples of incorrect cybersecurity configurations

Lack of network segmentation

Another fundamental security control the document covers is network segmentation, which also fits into the larger trend toward zero trust. Enterprises that do not segment their networks cannot establish secure boundaries between different systems, environments, and data types.

In that case, a malicious actor who compromises one system can move freely to others without encountering resistance or additional security controls and perimeters that would hinder their activity. The document specifically points out poor segmentation between IT and OT networks, which puts OT networks at risk and has a direct impact on security and safety in environments such as industrial control systems.

Poor patch management

Patching seems to be the thing everyone avoids most in the cybersecurity field. The document points out that if you do not apply the latest patches, your system will be exposed to exploits by malicious actors targeting known vulnerabilities.

Even companies that apply patches regularly are not free from problems. As the Cyentia Institute and others have pointed out, companies' remediation capacity, that is, their ability to fix vulnerabilities (including fixes delivered through patches), is substandard.

On average, companies are only able to remediate 1 in 10 new vulnerabilities each month, resulting in a vulnerability backlog that keeps growing exponentially. Data from Ponemon and from other labs, such as Rezilion, has also found that companies' vulnerability backlogs range from hundreds of thousands to millions of vulnerabilities.

Additionally, according to Qualys survey results, attackers can exploit vulnerabilities approximately 30% faster than companies can remediate them. Add this up, and disaster is only a matter of time. Remember that an attacker only needs to succeed once out of many attempts.

Issues mentioned in the document include not applying patches regularly and using unsupported operating systems and firmware (i.e., no longer patched or supported by the vendor). Personally, I would add the need for companies to use secure open source components and to keep them on the latest versions. Many companies are not doing this properly, which is contributing to the rise in software supply chain attacks.

Bypassing system access controls

Although the need for access control has been emphasized time and time again, situations still exist where malicious actors can bypass system access controls. A case explicitly pointed out in this guide is when credential hashes are collected, as in a Pass-the-Hash (PtH) attack, and then used to elevate privileges and gain unauthorized access to the system.

Weak or misconfigured MFA methods

In this section, CISA and NSA again discuss the risk of PtH-type attacks. Even though many government and DoD networks use MFA such as smart cards and tokens, password hashes still exist for those accounts, and the guide points out that if MFA is not enforced or properly configured, malicious actors can obtain these hashes and use them to gain unauthorized access. Of course, the same problem can exist in commercial systems that use YubiKeys or other digital form factors and authentication tools.

Lack of phishing-resistant MFA

Although the industry as a whole has been promoting multi-factor authentication (MFA) for quite some time, the reality is that not all MFA is created equal. Some MFA methods are not phishing-resistant because of misconfigurations and inherent weaknesses, which leaves them vulnerable to attacks such as SIM swapping. Resources like CISA's fact sheet “Implement anti-phishing MFA” can help managers get on the right track.

Insufficient access control lists on network shares and services

The first target for most malicious actors is data, so it is no surprise that this list includes network shares and services that are not sufficiently protected. According to the guide, attackers use commands, open source tools, and custom malware to identify and exploit insecure, exposed data stores.

This situation certainly occurs with on-premises data storage and services, but the trend has accelerated with the introduction of cloud computing: storage services misconfigured by users, combined with low-cost, high-capacity cloud storage, let attackers steal massive amounts of data, both in volume and in the number of individuals affected.

The guide also highlights that not only can attackers steal data, but they can also use this data for other malicious purposes, such as gathering information for future attacks, extortion, or identifying credentials to exploit.

Poor credential hygiene

Credential compromise remains a major attack vector. According to Verizon’s DBIR, compromised credentials were used in more than half of all attacks. The issue specifically addressed in this guide is easily cracked or plaintext passwords, both of which attackers use to compromise environments and businesses.

With the advent of the cloud and the proliferation of declarative infrastructure-as-code and machine identities and authentication, the exploitation of secrets, including credentials, has exploded. This issue is also well documented in security company GitGuardian's State of Secrets Sprawl report.

This is also why companies are building secrets management features into their platforms and solutions. Even the most capable digital companies continue to face the same problems, such as Samsung, where a source code leak exposed more than 6,000 secret keys.
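The secrets-sprawl problem above, where plaintext credentials end up committed in infrastructure-as-code and application configuration, is the kind of thing a pre-commit scanner catches. The following is an added illustration, not code from the article or from GitGuardian, and the sample lines, the sensitive key list, and the entropy threshold are all assumptions chosen for the example:

```python
import math
import re

# Constructed sample: lines as they might appear in IaC or app config committed to
# a repository. None of these values are real credentials.
SAMPLE_LINES = [
    'db_password = "Summer2024!"',
    'aws_access_key_id = "AKIAEXAMPLE123456789"',
    'api_token = "${API_TOKEN}"',            # reference to an env var, not a literal
    'region = "us-east-1"',
    'private_key = "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ=="',
]

# Assumption: a minimal starter list of key names that commonly carry credentials.
SENSITIVE_KEY = re.compile(r"(password|passwd|secret|token|api_key|access_key|private_key)", re.I)
ASSIGNMENT = re.compile(r'^\s*([A-Za-z_][\w.]*)\s*[=:]\s*["\']?([^"\']*)["\']?\s*$')
# Values that are references or templates rather than literal secrets.
PLACEHOLDER = re.compile(r"^\$\{?\w+\}?$|^<.*>$|^\s*$")


def shannon_entropy(s: str) -> float:
    """Bits per character; high values suggest random-looking material such as keys."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_hardcoded_secrets(lines, entropy_threshold=3.5):
    """Return (line_no, key, reason) for assignments that look like literal credentials."""
    findings = []
    for no, line in enumerate(lines, start=1):
        m = ASSIGNMENT.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if not SENSITIVE_KEY.search(key) or PLACEHOLDER.match(value):
            continue  # not a credential-like key, or an injected reference rather than a literal
        if value.startswith("AKIA") and len(value) == 20:
            findings.append((no, key, "AWS access key id pattern"))
        elif shannon_entropy(value) >= entropy_threshold:
            findings.append((no, key, "high-entropy literal"))
        else:
            findings.append((no, key, "plaintext credential literal"))
    return findings


if __name__ == "__main__":
    for line_no, key, reason in find_hardcoded_secrets(SAMPLE_LINES):
        print(f"line {line_no}: {key}: {reason}")
```

The env-var reference on line 3 is deliberately skipped, since the remediation for a hardcoded secret is precisely to replace it with such a reference backed by a secrets manager.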

Unrestricted code execution

This is a simple and clear problem. Attackers look for ways to execute arbitrary malicious payloads on systems and networks. Unverified and unapproved programs can run malicious code on systems or endpoints, which poses significant risk because it can lead to a breach and facilitate lateral movement or the spread of malicious software across corporate networks.

The guide points out that this code can take many forms, including executable files, dynamic link libraries, HTML applications, and even scripts in office software applications such as macros.

Source: www.itworld.co.kr