The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) today published the ten most common cybersecurity misconfigurations that their red and blue teams found in the networks of large enterprises.
The advisory released today describes the tactics, techniques, and procedures (TTPs) that malicious actors use to exploit these misconfigurations for a range of objectives, such as gaining access, moving laterally, and targeting sensitive data or systems.
The Red and Blue teams from the two agencies gathered the data for the report while conducting evaluations and handling incidents.
The following are the top 10 most common network misconfigurations found by NSA and CISA Hunt and Incident Response teams, as well as Red and Blue team assessments:
Software and application default setups
User and administrator privileges not properly separated
Inadequate internal network monitoring
Segmenting the network improperly
Ineffective patch management
Bypass of system access restrictions
Inadequate or incorrectly set up multifactor authentication (MFA) methods
Insufficient access control lists (ACLs) on network shares and services
Improper credentialing
Unrestrained execution of code
These common misconfigurations illustrate systemic vulnerabilities in the networks of many big businesses, as noted in the joint advisory.