Even though cyber criminals use increasingly sophisticated techniques to break into company networks, security breaches can often be traced back to avoidable and frequently overlooked misconfigurations.
To keep that door closed on sensitive data and IT environments, here are five of the most common configuration errors that companies should eliminate.
1. Default credentials
Default usernames and passwords left unchanged on devices, databases and fresh software installations are like leaving the key in the lock. Even unskilled attackers can use freely available tools to cause extensive damage. Default credentials on network devices such as firewalls and routers, or on operating systems, let attackers gain direct access with simple credential-checking scanners. For more sophisticated attacks, attackers run scripted brute-force attempts against devices, trying either the vendor's default usernames and passwords or trivially weak passwords such as "qwerty" or "12345".
2. Password reuse
Using the same account and password on every device in a fleet of endpoints lets an attacker who has compromised a single machine reach every other one. From that first foothold, attackers can run credential-dumping tools to recover the passwords, or the password hashes themselves, and replay them elsewhere. Companies should therefore avoid reusing passwords across systems and disable accounts that are no longer needed.
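The two problems above (default credentials in point 1 and password reuse in point 2) are found with the same kind of audit: compare what is actually configured across the fleet against a list of vendor defaults and weak passwords, and look for one credential that unlocks many hosts. The script below is an added example, not code from the original article or from Digital Guardian. The inventory, the host names and the hash format (hex SHA-256 of the password) are constructed for illustration; a real audit would read the platform's own credential store and hash format.

```python
"""Offline audit for default and reused credentials across a device inventory.

Added example, not from the original article. INVENTORY, the host names and
the hash format (hex SHA-256) are constructed so the script runs offline; a
real audit would read the platform's own hash store (NTLM, /etc/shadow, ...).
"""
import hashlib
from collections import defaultdict

# Commonly cited vendor defaults and trivially weak passwords (constructed,
# illustrative list; extend it from vendor documentation in a real audit).
DEFAULT_CREDS = {
    ("admin", "admin"), ("admin", "password"), ("root", "root"),
    ("cisco", "cisco"), ("sa", ""), ("ubnt", "ubnt"),
}
WEAK_PASSWORDS = {"qwerty", "12345", "123456", "password", "admin"}


def digest(password: str) -> str:
    """Constructed hash format: hex SHA-256. Stands in for the real hash type."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Pre-hash the deny lists so the audit never needs plaintext from the fleet.
DEFAULT_DIGESTS = {(user, digest(pw)) for user, pw in DEFAULT_CREDS}
WEAK_DIGESTS = {digest(pw) for pw in WEAK_PASSWORDS}

# Constructed inventory: (hostname, username, password hash).
INVENTORY = [
    ("fw-edge-01",  "admin",    digest("admin")),
    ("rtr-core-01", "cisco",    digest("cisco")),
    ("db-prod-01",  "sa",       digest("Tr0ub4dor&3")),
    ("ws-0001",     "localadm", digest("Summer2023!")),
    ("ws-0002",     "localadm", digest("Summer2023!")),
    ("ws-0003",     "localadm", digest("Summer2023!")),
    ("ws-0004",     "localadm", digest("qwerty")),
    ("jump-01",     "ops",      digest("correct horse battery staple")),
]


def find_default_or_weak(inventory):
    """Return (host, user, reason) for accounts still on a vendor default
    or on a trivially weak password."""
    findings = []
    for host, user, pw_hash in inventory:
        if (user, pw_hash) in DEFAULT_DIGESTS:
            findings.append((host, user, "vendor default credential"))
        elif pw_hash in WEAK_DIGESTS:
            findings.append((host, user, "weak password"))
    return findings


def find_reused(inventory):
    """Group hosts sharing the same (user, hash): one compromised box
    unlocks all of them. Returns [(user, [hosts...]), ...]."""
    by_cred = defaultdict(list)
    for host, user, pw_hash in inventory:
        by_cred[(user, pw_hash)].append(host)
    return [(user, hosts) for (user, _), hosts in by_cred.items() if len(hosts) > 1]


if __name__ == "__main__":
    for host, user, reason in find_default_or_weak(INVENTORY):
        print(f"{host}: {user}: {reason}")
    for user, hosts in find_reused(INVENTORY):
        print(f"{user}: same password on {len(hosts)} hosts: {', '.join(hosts)}")
```

Comparing hashes rather than plaintext means the audit can run against an export of the credential store without ever handling passwords; the trade-off is that it only catches passwords that are on the deny list, so the reuse check is the one that finds the "Summer2023!" style of shared local administrator password.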
3. Exposed remote desktop services and default ports
Services such as Remote Desktop Protocol (RDP), a proprietary protocol developed by Microsoft, give administrators an interface for controlling computers remotely. Cyber criminals increasingly abuse RDP when it is exposed to the Internet without proper configuration. Ransomware families such as CrySiS and SamSam, for example, have gained entry to companies through open RDP ports using brute-force and dictionary attacks. Every Internet-facing device should therefore be protected by several layers of defence against such access attempts. Administrators should combine strong, complex passwords with firewalls and access control lists that restrict which sources may reach the service, which reduces the chance of a breach.
4. Delayed software patching
Zero-day threats make the headlines, but the vulnerabilities cyber criminals most commonly exploit are digital fossils: old flaws for which a fix has long been available. Keeping operating systems and applications patched is therefore critical to preventing a breach. New exploits and vulnerabilities appear every day and keeping up is hard, but organizations cannot afford to let patching lag.
5. Logging disabled
Disabled logging does not by itself let attackers into a system, but it lets them operate there unnoticed. Once inside, attackers move laterally across the network looking for data or assets to exfiltrate, and without adequate logging they leave no trace. Reconstructing an incident then becomes a search for a needle in a haystack for IT teams. Logging should therefore be enabled and forwarded to a central location such as a Security Information and Event Management (SIEM) platform. That data provides the evidence forensic analysts need during an incident response investigation to understand and document the intrusion, and it allows alerts to be raised on events that have already been logged so that threats can be answered promptly.
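Points 3 and 5 meet in the SIEM: the brute-force attempts against an exposed RDP service described in point 3 are only visible if the failed-logon events described in point 5 are collected and correlated. The detection below is an added example, not code from the original article or from Digital Guardian. The events are constructed to mimic the fields a SIEM forwarder extracts from Windows Security Event ID 4625 (failed logon) and 4624 (successful logon); LogonType 10 is RemoteInteractive, i.e. an RDP session. The threshold of five failures in five minutes is an assumption to be tuned locally.

```python
"""Detect RDP password guessing in centrally collected Windows Security events.

Added example, not from the original article. SAMPLE_EVENTS is constructed
(one JSON object per line, as a SIEM forwarder might emit). THRESHOLD and
WINDOW_SECONDS are assumed tuning values.
"""
import json
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5          # failed RDP logons from one source IP ...
WINDOW_SECONDS = 300   # ... within this many seconds raise an alert
RDP_LOGON_TYPE = "10"  # RemoteInteractive: the logon type used by RDP

# Constructed sample: a burst from 10.0.0.5 that ends in a successful logon,
# two harmless failures from 203.0.113.9 and a normal RDP logon from 10.0.0.7.
SAMPLE_EVENTS = """
{"TimeCreated": "2024-03-01T02:00:01", "EventID": 4625, "LogonType": "10", "TargetUserName": "administrator", "IpAddress": "10.0.0.5"}
{"TimeCreated": "2024-03-01T02:00:09", "EventID": 4625, "LogonType": "10", "TargetUserName": "admin", "IpAddress": "10.0.0.5"}
{"TimeCreated": "2024-03-01T02:00:18", "EventID": 4625, "LogonType": "10", "TargetUserName": "administrator", "IpAddress": "10.0.0.5"}
{"TimeCreated": "2024-03-01T02:00:27", "EventID": 4625, "LogonType": "10", "TargetUserName": "backup", "IpAddress": "10.0.0.5"}
{"TimeCreated": "2024-03-01T02:00:36", "EventID": 4625, "LogonType": "10", "TargetUserName": "administrator", "IpAddress": "10.0.0.5"}
{"TimeCreated": "2024-03-01T02:00:40", "EventID": 4625, "LogonType": "3", "TargetUserName": "svc-backup", "IpAddress": "10.0.0.5"}
{"TimeCreated": "2024-03-01T02:00:44", "EventID": 4625, "LogonType": "10", "TargetUserName": "administrator", "IpAddress": "10.0.0.5"}
{"TimeCreated": "2024-03-01T02:00:58", "EventID": 4624, "LogonType": "10", "TargetUserName": "administrator", "IpAddress": "10.0.0.5"}
{"TimeCreated": "2024-03-01T02:01:00", "EventID": 4625, "LogonType": "10", "TargetUserName": "jsmith", "IpAddress": "203.0.113.9"}
{"TimeCreated": "2024-03-01T02:01:30", "EventID": 4625, "LogonType": "10", "TargetUserName": "jsmith", "IpAddress": "203.0.113.9"}
{"TimeCreated": "2024-03-01T02:02:00", "EventID": 4624, "LogonType": "10", "TargetUserName": "jsmith", "IpAddress": "10.0.0.7"}
"""


def parse_events(text):
    """Parse JSON lines into dicts, add a datetime 'ts' and sort by time."""
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for event in events:
        event["ts"] = datetime.fromisoformat(event["TimeCreated"])
    return sorted(events, key=lambda event: event["ts"])


def detect_rdp_bruteforce(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return alerts as (kind, source_ip, timestamp_iso, detail).

    'rdp_bruteforce' fires once when a source reaches `threshold` failed RDP
    logons inside `window` seconds; 'rdp_bruteforce_success' fires when such a
    source then logs on successfully, which is the case that needs a response.
    """
    failures = defaultdict(deque)  # source IP -> timestamps of recent RDP failures
    alerts = []
    for event in events:
        if event.get("LogonType") != RDP_LOGON_TYPE:
            continue  # network/service logons are out of scope for this rule
        ip, ts = event["IpAddress"], event["ts"]
        recent = failures[ip]
        while recent and (ts - recent[0]).total_seconds() > window:
            recent.popleft()  # slide the window forward
        if event["EventID"] == 4625:
            recent.append(ts)
            if len(recent) == threshold:  # fire once as the burst crosses the line
                alerts.append(("rdp_bruteforce", ip, ts.isoformat(),
                               f"{threshold} failed RDP logons within {window}s"))
        elif event["EventID"] == 4624 and len(recent) >= threshold:
            alerts.append(("rdp_bruteforce_success", ip, ts.isoformat(),
                           f"successful RDP logon as {event['TargetUserName']} "
                           f"after {len(recent)} failures"))
    return alerts


if __name__ == "__main__":
    for kind, ip, when, detail in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(f"{when} {kind} from {ip}: {detail}")
```

The rule keys on the source address, so it also catches password spraying that rotates user names, which a per-account lockout policy misses; conversely a distributed attack from many addresses stays under the per-IP threshold and needs a second rule keyed on the target account. Real 4625 events sometimes carry "-" as IpAddress, so a production version should drop or separately bucket those records.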
Misconfigurations and devices or platforms left in their default state make attackers' work easy. Companies should therefore implement the measures above to protect themselves and their sensitive data.
More on this at DigitalGuardian.com