CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access.
This is a CISA Cybersecurity Alert. ID number Alpha Alpha Two Two tack One Three Seven Alpha.
Original release date: May Seventeenth, twenty twenty two.
This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices, and includes best practices to mitigate these risks.
The alert documentation defines ten major exploitation vectors regularly used by malicious cyber actors. In order to mitigate these vectors, CISA outlines and provides resources for eighteen security controls under seven control categories.
CISA recommends organizations re-evaluate their security posture and implement additional controls under the categories of…
Implement credential hardening,
Establish centralized log management,
Employ antivirus programs,
Employ detection tools and search for vulnerabilities,
Maintain rigorous configuration management programs, and
Initiate a software and patch management program.
Implementing the eighteen security best practices under these critical control categories can help organizations strengthen their network defenses against commonly exploited and weak security controls.
The alert documentation and resources linked in the show notes provide additional guidance for establishing effective mitigation tactics and procedures.
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at firstname.lastname@example.org or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency, and edited and adapted for audio by the CyberWire as a public service. Please visit www dot cisa dot gov to read the full report, which may include additional details, links, and illustrations. A link to this report can be found in the show notes.
This has been a CISA Cybersecurity Alert.