The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Advisory (CSA) highlighting the top ten most common cybersecurity misconfigurations found in large organizations’ networks. The CSA details tactics, techniques, and procedures (TTPs) that cyber actors could use to compromise these networks, as well as mitigations to defend against this threat.
The report includes information from NSA and CISA Red and Blue team assessments, as well as activities of NSA and CISA Hunt and Incident Response teams. These teams have assessed the security posture of many networks across the Department of Defense (DoD), Federal Civilian Executive Branch (FCEB), state, local, tribal, and territorial (SLTT) governments, and the private sector.
As indicated in the CSA, these most common misconfigurations illustrate a trend of systemic weaknesses in several large organizations and the importance of software manufacturers embracing secure-by-design principles to reduce the risk of compromise.
Some of the misconfigurations mentioned in the CSA include default configurations of software and applications, weak or misconfigured multifactor authentication (MFA) methods, and unrestricted code execution.
NSA and CISA encourage network defenders and software manufacturers to implement the recommendations found within the Mitigations section of this advisory to reduce the risk of compromise. The agencies also recommend network owners and operators examine their networks for similar misconfigurations even when running other software not specifically mentioned in the advisory.
