The Cybersecurity and Infrastructure Security Agency (CISA) released an alert highlighting common initial access points for cybercriminals targeting networks.

The advisory, coauthored by cybersecurity agencies from the United States, Canada, New Zealand, the Netherlands and the United Kingdom, identified weak security strategies used by hackers attempting to gain network access.

  1. Weak or unenforced multi-factor authentication
  2. Errors within access privileges
  3. Outdated software
  4. Default security settings 
  5. Insufficient third-party security
  6. Weak password policies
  7. Unprotected cloud services
  8. Exposed open ports or misconfigurations
  9. Inadequate anti-phishing techniques
  10. Lacking endpoint detection and response

The alert recommended access control measures, credential hardening, software patching programs and more security measures for cybersecurity leaders to enact.

For more threat and mitigation techniques, click here.