NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

Cyber Security Threat Summary:
The UK's National Cyber Security Centre (NCSC) has released guidance to assist medium to large organizations in mapping their supply chains, with a focus on boosting confidence in managing vulnerabilities related to suppliers. Additionally, a report by Picus Security highlights the growing prevalence of multipurpose malware, which possesses multiple functionalities.

In a recent communication to our members, we highlighted a QakBot campaign that deploys the Ransomknight malware after initial exploitation—an illustrative example of such versatile malware. These new techniques emphasize the ongoing evolution of ransomware tactics, including the adaptation of ransomware attacks to target various infrastructures, presenting new challenges for cybersecurity.

Security Officer Comments:
The guidance provided by the NCSC on supply chain mapping is a valuable resource for organizations looking to bolster their cybersecurity defenses. In light of the growing prevalence of multipurpose malware, the document emphasizes the need for comprehensive threat detection and robust mitigation strategies.

Furthermore, it's crucial to acknowledge the trend of companies adopting cloud-based solutions for enhanced scalability and flexibility. As this shift continues, it's anticipated that ransomware attacks targeting cloud-based infrastructure will also rise. This underscores the importance of strengthening cloud security measures and implementing robust incident response plans to effectively safeguard critical data and infrastructure.

Suggested Correction(s):
The report recommends that manufacturers cease using default passwords and ensure that the compromise of a single security control does not compromise the entire system's integrity. Proactive measures, including the adoption of memory-safe coding languages and the implementation of parameterized queries, should be employed to eliminate entire categories of vulnerabilities. The document also outlines several other areas of concern that companies can use as a checklist when conducting security assessments.

The full document is available here:
https://media.defense.gov/2023/Oct/...T_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF

Link(s):
https://www.bleepingcomputer.com/ne...eveal-top-10-cybersecurity-misconfigurations/