ESET explains commonly used methods for accessing enterprise networks

Deepak Gupta May 30, 2022
Updated 2022/05/30 at 3:08 PM

ESET analyzed a report produced by cybersecurity agencies in the United States, Canada, New Zealand, the Netherlands and the United Kingdom that compiles the weaknesses most commonly exploited by cybercriminals to gain access to an organization's systems.

These weaknesses are mainly misconfigurations, weak controls and other ill-advised security practices that add up to poor cyber hygiene.

ESET presents recommendations to mitigate the problems.

ESET, a global leader in cybersecurity solutions, analyzed the report and explains the most common weak practices and controls, as well as recommendations to mitigate the problems identified.

Before analyzing the most common security weaknesses, the report explains which techniques cybercriminals most often use to exploit those weaknesses and gain access to an organization's systems:

  • Exploitation of public-facing applications: for example, websites or web servers, databases, and the protocols and services used to administer network services. In short, any application reachable from the Internet.
  • Remote access services exposed to the Internet: VPNs and other services that let a user connect to the corporate network from an external location. Attackers frequently target these remote access services to get a foothold on the network.
  • Phishing: the old and familiar technique of sending emails with malicious attachments or links remains effective. Through phishing, many organizations are infected with malicious code after an unsuspecting employee falls for a lure built with social engineering techniques.
  • Exploitation of trust relationships: gaining access to an organization through a third party that has a contract or connection with it, such as a provider that manages its security or IT services, and abusing the access that third party has to the target organization's network.
  • Valid accounts: the fifth most commonly used technique consists of using valid credentials to gain initial access, persist within a network, attempt to escalate privileges, or tamper with the configuration of the victim's defenses.

Initial access vectors most commonly used in cybercrime

Regarding the weak security controls, insecure configurations and ill-advised practices exploited by cybercriminals, ESET describes the 10 most common:

  • Multi-factor authentication not enabled

Multi-factor authentication is critical to preventing account takeover. Several studies have shown that this additional layer is effective at stopping attackers who try to access accounts with stolen credentials.

  • Access and permissions assigned incorrectly

Poor management of access and permissions can allow an insider with unnecessary access to sensitive information to take actions that put the organization at risk.

  • Use of outdated software

Exploitation of software vulnerabilities is very common. In many cases working exploits are in attackers' hands within days of a vulnerability becoming public, but it is also common for organizations to run outdated software exposed to vulnerabilities that have been known for years.

  • Use of default credentials

Keeping the default username and password that ship with purchased software and hardware is a huge risk, since it gives attackers an easy way to access those systems remotely.

  • Lack of control over remote access services

Attackers, including ransomware groups, frequently exploit insecure configurations or unpatched vulnerabilities in the solutions that provide remote access to an organization's networks, such as VPNs.

  • Use of weak passwords

Cybercriminals use a variety of methods to obtain valid credentials and use them to gain initial access to an organization's systems: brute-force attacks and purchasing stolen credentials on dark web forums, among others.
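The brute-force and stolen-credential abuse described above leaves a distinctive trail in authentication logs: many failures from one source, often against many different accounts, sometimes followed by a success. The following detector is an added example, not code from ESET or from the report; it runs over a constructed sample of OpenSSH auth-log lines, and the thresholds (five failures or three distinct usernames within five minutes) are assumptions a team would tune to its own environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed OpenSSH auth-log sample (not from any real system). 203.0.113.7
# sprays five usernames in five seconds and then authenticates as svc_backup;
# 198.51.100.4 is a legitimate user who mistyped once before a normal login.
SAMPLE_LOG = """\
May 30 10:01:02 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
May 30 10:01:03 bastion sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 51023 ssh2
May 30 10:01:04 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51024 ssh2
May 30 10:01:05 bastion sshd[2101]: Failed password for invalid user oracle from 203.0.113.7 port 51025 ssh2
May 30 10:01:06 bastion sshd[2101]: Failed password for invalid user postgres from 203.0.113.7 port 51026 ssh2
May 30 10:01:09 bastion sshd[2101]: Accepted password for svc_backup from 203.0.113.7 port 51027 ssh2
May 30 10:02:30 bastion sshd[2150]: Failed password for alice from 198.51.100.4 port 40110 ssh2
May 30 10:02:35 bastion sshd[2150]: Accepted publickey for alice from 198.51.100.4 port 40111 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_events(log_text):
    """Return a time-sorted list of (timestamp, accepted, user, source_ip)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog lines carry no year
        events.append((ts, m["result"] == "Accepted", m["user"], m["ip"]))
    return sorted(events, key=lambda e: e[0])


def detect_credential_attacks(log_text, window=timedelta(minutes=5),
                              max_failures=5, max_users=3):
    """Flag source IPs that, within `window`, either reach `max_failures`
    failed logins (brute force) or fail against `max_users` distinct accounts
    (password spraying). A later successful login from a flagged IP is
    recorded as the highest-priority signal: the attacker got in."""
    failures = defaultdict(list)  # ip -> [(ts, user), ...]
    findings = {}
    for ts, accepted, user, ip in parse_events(log_text):
        if not accepted:
            failures[ip].append((ts, user))
            recent = [(t, u) for t, u in failures[ip] if ts - t <= window]
            users = {u for _, u in recent}
            if len(recent) >= max_failures or len(users) >= max_users:
                f = findings.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after_burst": None})
                f["failures"] = max(f["failures"], len(recent))
                f["users"] |= users
        elif ip in findings and findings[ip]["success_after_burst"] is None:
            findings[ip]["success_after_burst"] = user
    return findings


if __name__ == "__main__":
    for ip, finding in detect_credential_attacks(SAMPLE_LOG).items():
        print(ip, finding)
```

The single mistyped password from 198.51.100.4 is never flagged, while 203.0.113.7 is flagged on its third distinct username and its later "Accepted" line is attached to the finding; that success-after-burst case is the one that should page someone, because it means a weak or reused password was found.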

  • Unsecured cloud services

The growth in demand for and adoption of cloud services, especially with remote and hybrid work, has also attracted attackers looking for misconfigurations and vulnerabilities in this attack surface that let them steal information.

  • Misconfigured services exposed to the Internet or open ports

Attackers use scanning tools to discover open ports on Internet-exposed services that could give them a way into an organization's network, such as RDP or the Server Message Block (SMB) protocol.

  • Failure to detect phishing emails

A knowledge gap raises the risk that employees will fail to recognize a malicious phishing email, making the organization even more likely to suffer an incident. Attackers keep returning to this long-standing technique because a lack of security awareness and training keeps it effective.

  • Weak detection and response from installed security products

Cybercriminals are often able to evade the controls enforced by the security products installed on a compromised computer and carry out their attack without being detected. They have several ways of achieving this, such as using droppers or fileless malware.

Tips to minimize risk

ESET identifies some tips that can help organizations reduce the likelihood of attackers gaining access to their systems:

  • Adopt a zero trust security model;
  • Limit remote access to administrator accounts;
  • Control the permissions and access granted to different data and services, applying the principle of least privilege so that each employee has access to the information needed for their job and nothing more;
  • Enforce password changes;
  • Manage the onboarding and offboarding of employees and internal role changes;
  • Verify that no computer has the RDP port exposed;
  • Implement multi-factor authentication;
  • Change or disable default usernames and passwords;
  • Monitor for the use of compromised credentials on internal systems;
  • Centralize log management;
  • Use anti-malware solutions.
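The check for exposed RDP (and, by the same token, SMB) ports can be performed the way an attacker's scanner would: attempt a TCP connection from outside and record whatever completes a handshake. The following is an added example, not code from ESET or the report. It assumes a hypothetical inventory of hosts to check; because a real scan needs network access and authorization, it includes a local stand-in listener so the logic can be exercised offline.

```python
import socket
import threading

# Ports the advisory singles out as common initial-access exposures.
RISKY_PORTS = {3389: "RDP", 445: "SMB"}


def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes within `timeout`.
    A completed handshake is all an external scanner needs to list the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def find_exposed(hosts, ports=RISKY_PORTS, timeout=1.0):
    """Return [(host, port, service)] for every risky port that accepts connections."""
    return [(h, p, svc) for h in hosts for p, svc in ports.items()
            if port_open(h, p, timeout)]


def start_local_listener():
    """Start a throwaway TCP service on 127.0.0.1 that stands in for an exposed
    RDP/SMB port so the check can be exercised offline. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free one
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break  # listener was closed
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port():
    """Pick a port nothing is listening on, to represent a properly closed service."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Hypothetical target list: replace with the organization's external addresses
    # and RISKY_PORTS, and only run against systems you are authorized to scan.
    srv, fake_rdp = start_local_listener()
    ports = {fake_rdp: "RDP (stand-in)", free_port(): "SMB (stand-in)"}
    print(find_exposed(["127.0.0.1"], ports))  # only the stand-in RDP port is reported
    srv.close()
```

Run from an address outside the perimeter, an empty result for 3389 and 445 across the whole external range is the condition the tip asks for; any hit is a service that should be moved behind the VPN or a gateway with multi-factor authentication rather than left reachable from the Internet.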
