WASHINGTON—The Cybersecurity and Infrastructure Security Agency (CISA) has published a Cybersecurity Advisory (CSA) detailing tactics, techniques and procedures (TTPs) and key findings from a 2022 assessment, with the aim of providing steps to take to reduce the threat from malicious cyber actors.
The advisory highlights the importance of all organizations collecting and monitoring logs for unusual activity, as well as continuous testing and exercises to ensure their environment is not vulnerable to compromise, regardless of their cybersecurity maturity level, CUNA said.
During the assessment, CISA said its red team emulated cyber threat actors to assess the cyber detection and response capabilities of a large critical infrastructure organization with multiple geographically separated sites.
Key Findings
According to the CSA, key findings that contributed to persistent, undetected access across the organization’s sites include:
- Insufficient host and network monitoring. Some of the higher risk activities conducted by the team that could have been detected include phishing, lateral movement reuse, anomalous Lightweight Directory Access Protocol (LDAP)
- Lack of monitoring on endpoint management systems. Endpoint management systems provide elevated access to thousands of hosts and should be treated as high value assets (HVAs) with additional restrictions and monitoring
- Excessive permissions to standard users. “This misconfiguration allowed the team to use the low-level access of a phished user to move laterally to an Unconstrained Delegation host and compromise a domain controller,” the report states
The Recommendations
CUNA noted that some of the recommended actions in this CSA can help all organizations harden their environment and protect against real-world malicious activity by cyber threat actors:
- Establish a security baseline of normal network activity; tune network and host-based appliances to detect anomalous behavior
- Conduct regular assessments to ensure appropriate procedures are created and can be followed by security staff and end users
- Enforce phishing-resistant MFA to the greatest extent possible
