Cyber Threat Actors are Creatures of Habit

From known and routinely exploited vulnerabilities to routinely exploited controls and practices, cyber threat actors often stick with what works and take the path of least resistance. While there are sophisticated threat groups that research vulnerabilities and develop new exploits and attack behaviors, many repeatedly use the same tactics over and over. Essentially, bad guys keep using the same methods, because the same methods keep working when organizations are slow to bolster their cybersecurity postures with recommended practices such as patching and credential hardening efforts. To that end, international cybersecurity authorities have recently published multiple joint Cybersecurity Advisories (CSAs) addressing common threat actor behaviors to give organizations quick-wins to protect their networks.

Last month, WaterISAC posted Beyond Just the Known Exploited Vulnerabilities to the Vulnerabilities Threat Actors are Routinely Exploiting in response to joint Cybersecurity Advisory (CSA), 2021 Top Routinely Exploited Vulnerabilities (AA22-117A) highlighting multiple vulnerabilities that threat actors are routinely exploiting. We are sharing another joint CSA published today on 10 routinely exploited weak security controls, poor configurations, and bad practices that allow malicious actors to compromise networks. Weak Security Controls and Practices Routinely Exploited for Initial Access (AA22-137A) covers many poor practices by organizations that threat actors routinely exploit to gain initial access into target networks. Organizations that implement common best practices are in a much more cyber defensible position to detect an attack before it occurs. Members are encouraged to review the CSA and apply the recommended mitigations to keep malicious actors from exploiting public-facing applications, external remote services, phishing, trusted relationships, and valid accounts to gain unauthorized initial access. Read more at CISA.