NCSC advisory highlights poor security configurations
The GCSB's National Cyber Security Centre (NCSC) has released a cyber security advisory identifying the weak security controls and practices that malicious actors most commonly exploit.
The advisory, issued in conjunction with CERT NZ and cyber security authorities in the US, Canada, the Netherlands and the UK, also offers best practices for mitigating these issues.
The NCSC notes that malicious cyber actors regularly exploit security configurations that have either been misconfigured or left unsecured.
They also exploit weak controls and other poor cyber hygiene practices, either to gain initial access or as part of other tactics used to compromise a victim's systems.
Common targets for cyber actors include:
- Multifactor authentication not being enforced
- Incorrectly applied privileges or permissions and errors within access control lists
- Software that is not kept up to date
- Use of vendor-supplied default configurations or default login usernames and passwords
- Remote services, including a VPN, lacking adequate controls to prevent unauthorised access
- Strong password policies not being implemented
- Cloud services left unprotected
- Open ports and misconfigured services that are exposed to the internet
- Failure to detect or block phishing attempts
- Poor endpoint detection and response
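As an added illustration of how the items in that list can be checked mechanically rather than by inspection, the following Python script audits a small host and account inventory for five of the weak controls (default credentials, weak passwords, MFA not enforced, risky ports exposed to the internet, and out-of-date software). It is example code written for this page, not NCSC or CERT NZ tooling; the inventory format, the default-credential list, the set of risky ports, the 14-character password minimum and the 30-day patch threshold are all assumptions chosen for the example.

```python
"""Audit a constructed host/account inventory for weak controls named in the
joint advisory. Example code added for this page; not NCSC tooling. The
inventory schema, thresholds and default-credential list are assumptions."""
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed list of vendor-default username:password pairs, stored as SHA-256
# digests so the audit script can be shared without carrying the plaintext.
KNOWN_DEFAULTS = {
    hashlib.sha256(pair.encode()).hexdigest()
    for pair in ("admin:admin", "root:toor", "cisco:cisco", "ubnt:ubnt")
}
# Management and file-sharing ports that should never be reachable from the
# internet without additional controls (assumed list).
RISKY_INTERNET_PORTS = {21, 22, 23, 445, 3389, 5900}
MAX_PATCH_AGE_DAYS = 30   # assumed patching SLA
MIN_PASSWORD_LEN = 14     # assumed password policy minimum


@dataclass
class Account:
    username: str
    password: str          # plaintext only because this is constructed sample data
    mfa_enforced: bool
    privilege: str         # "user" or "admin"


@dataclass
class Host:
    name: str
    accounts: List[Account]
    internet_ports: Set[int]
    days_since_patch: int
    remote_service: Optional[str] = None   # e.g. "vpn" or "rdp" if the host offers one


def audit_host(h: Host) -> List[Tuple[str, str]]:
    """Return (control, detail) findings for one host."""
    findings = []
    for a in h.accounts:
        digest = hashlib.sha256(f"{a.username}:{a.password}".encode()).hexdigest()
        if digest in KNOWN_DEFAULTS:
            findings.append(("default credentials", f"{h.name}: {a.username}"))
        if len(a.password) < MIN_PASSWORD_LEN:
            findings.append(("weak password policy", f"{h.name}: {a.username}"))
        # MFA matters most for privileged accounts and for any remote-access service.
        if not a.mfa_enforced and (a.privilege == "admin" or h.remote_service):
            findings.append(("MFA not enforced", f"{h.name}: {a.username}"))
    exposed = h.internet_ports & RISKY_INTERNET_PORTS
    if exposed:
        findings.append(("exposed service", f"{h.name}: ports {sorted(exposed)}"))
    if h.days_since_patch > MAX_PATCH_AGE_DAYS:
        findings.append(("outdated software", f"{h.name}: {h.days_since_patch} days since patch"))
    return findings


def audit_inventory(hosts: List[Host]) -> Counter:
    """Count findings per weak control across the whole inventory."""
    counts: Counter = Counter()
    for h in hosts:
        for control, _detail in audit_host(h):
            counts[control] += 1
    return counts


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    Host("vpn-gw",
         [Account("admin", "admin", False, "admin"),
          Account("jsmith", "C0rrectHorseBattery!", True, "user")],
         internet_ports={443, 22}, days_since_patch=45, remote_service="vpn"),
    Host("file-srv",
         [Account("backup", "Winter2022", False, "user")],
         internet_ports={445}, days_since_patch=10),
    Host("app-01",
         [Account("deploy", "x7#pLq9!vT2mWz4&", True, "admin")],
         internet_ports={443}, days_since_patch=5),
]

if __name__ == "__main__":
    for host in SAMPLE_INVENTORY:
        for control, detail in audit_host(host):
            print(f"[{control}] {detail}")
    print(dict(audit_inventory(SAMPLE_INVENTORY)))
```

Running the script lists each finding per host and then a per-control count; on the sample inventory the VPN gateway alone accounts for five findings, which matches the advisory's point that remote services with default credentials and no MFA are the most attractive initial-access path.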
The joint advisory recommends a range of practices that can help organisations strengthen their network defences.
Recommendations include hardening credentials, tightening access control, using centralised log management, deploying detection tools and antivirus software, maintaining a robust configuration management programme and establishing a software patch management programme.
The release of this advisory follows an earlier one the NCSC issued in collaboration with its international partners, which detailed the 15 Common Vulnerabilities and Exposures (CVEs) most routinely exploited in 2021.
The NCSC notes that disclosed critical software vulnerabilities in both the public and private sectors continue to be a significant target for malicious cyber actors.
Although the top 15 vulnerabilities had all been publicly disclosed beforehand, the NCSC explains that the advisory is intended to help organisations prioritise their mitigation efforts.
In her recent ANZAC address, NCSC director Lisa Fong also acknowledged the importance of strong inter-country relationships and commitments in countering national cyber threats.
"The GCSB is a signals intelligence agency, delivering the New Zealand Government similar services to the United Kingdom's GCHQ and the Australian Signals Directorate. As part of our functions we all have a national cyber security centre to deliver our cyber security mandate," Fong said in her address.
"Day to day, the opportunity in our international partnerships, as in our domestic, comes down to the quality of the relationships between our people. It takes effort to maintain mutual trust, willingness to experiment and respect for our relative contributions. It takes responsiveness to rapid context-shifting and a shared expectation that in moments of vulnerability we will be there for each other."