{"id":7821,"date":"2022-06-09T08:38:24","date_gmt":"2022-06-09T15:38:24","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7821"},"modified":"2023-10-12T09:09:38","modified_gmt":"2023-10-12T16:09:38","slug":"weak-security-controls-and-practices-routinely-exploited-for-initial-access","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\/","title":{"rendered":"Weak Security Controls and Practices Routinely Exploited for Initial Access"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">This CISA Alert reviews many weak security controls and the techniques and procedures routinely used for initial access. This Alert was co-authored by cybersecurity authorities of the United Kingdom (NCSC-UK), Canada (CCCS), New Zealand (NCSC-NZ), the Netherlands National Cyber Security Center, and the United States (CISA, NSA, and the FBI).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The following techniques (in MITRE ATT&amp;CK format) were commonly used to implement the tactic (MITRE ATT&amp;CK Tactic <\/span><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/tactics\/TA0001\/\"><span style=\"font-weight: 400;\">TA0001<\/span><\/a><span style=\"font-weight: 400;\">) to gain initial access to victim networks:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Exploit Public-Facing Application <\/span><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1190\/\"><span style=\"font-weight: 400;\">[MITRE ATT&amp;CK Technique T1190]\u00a0<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">External Remote Services <\/span><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1133\/\"><span style=\"font-weight: 400;\">[MITRE ATT&amp;CK Technique T1133]<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span 
style=\"font-weight: 400;\">Phishing <\/span><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1566\/\"><span style=\"font-weight: 400;\">[MITRE ATT&amp;CK Technique T1566]<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Trusted Relationship <\/span><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1199\/\"><span style=\"font-weight: 400;\">[MITRE ATT&amp;CK Technique T1199]<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Valid Accounts <\/span><a href=\"https:\/\/attack.mitre.org\/versions\/v10\/techniques\/T1078\/\"><span style=\"font-weight: 400;\">[MITRE ATT&amp;CK Technique T1078]<\/span><\/a><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Threat actors are able to exploit many of the following poor configurations, poor security practices, and weak security controls in order to utilize these initial access techniques as described in the Alert:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Multi-Factor authentication (MFA) is not enforced.<\/b><span style=\"font-weight: 400;\"> MFA, particularly for remote desktop access, can help prevent account takeovers. With Remote Desktop Protocol (RDP) as one of the most common infection vectors for ransomware, MFA is a critical tool in mitigating malicious cyber activity. Do not exclude any user, particularly administrators, from an MFA requirement.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Incorrectly applied privileges or permissions, and errors within access control lists. <\/b><span style=\"font-weight: 400;\">These mistakes can prevent the enforcement of access control rules and could allow unauthorized users or system processes to be granted access to objects.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Software is not up-to-date. 
<\/b><span style=\"font-weight: 400;\">Unpatched software may allow an attacker to exploit publicly known vulnerabilities to gain access to sensitive information, launch a denial-of-service attack, or take control of a system. This is one of the most commonly found poor security practices.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Use of vendor-supplied default configurations or default login usernames and passwords. <\/b><span style=\"font-weight: 400;\">Many software and hardware products come \u201cout of the box\u201d with overly permissive factory-default configurations intended to make the products user-friendly and reduce the troubleshooting time for customer service. However, leaving these factory default configurations enabled after installation may provide avenues for an attacker to exploit. Network devices are also often pre-configured with default administrator usernames and passwords to simplify setup. These default credentials are not secure\u2014they may be physically labeled on the device or even readily available on the internet. Leaving these credentials unchanged creates opportunities for malicious activity, including gaining unauthorized access to information and installing malicious software. Network defenders should also be aware that the same considerations apply for extra software options, which may come with pre-configured default settings.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access. <\/b><span style=\"font-weight: 400;\">During recent years, malicious threat actors have been observed targeting remote services. 
Network defenders can reduce the risk of remote service compromise by adding access control mechanisms, such as enforcing MFA, implementing a boundary firewall in front of a VPN, and leveraging intrusion detection system\/intrusion prevention system sensors to detect anomalous network activity.\u00a0\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Strong password policies are not implemented.<\/b><span style=\"font-weight: 400;\"> Malicious cyber actors can use a myriad of methods to exploit weak, leaked, or compromised passwords and gain unauthorized access to a victim system. Malicious cyber actors have used this technique in various nefarious acts and prominently in attacks targeting RDP.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Cloud services are unprotected. <\/b><span style=\"font-weight: 400;\">Misconfigured cloud services are common targets for cyber actors. Poor configurations can allow for sensitive data theft and even crypto jacking.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Open ports and misconfigured services are exposed to the internet. <\/b><span style=\"font-weight: 400;\">This is one of the most common vulnerability findings. Cyber actors use scanning tools to detect open ports and often use them as an initial attack vector. Successful compromise of a service on a host could enable malicious cyber actors to gain initial access and use other tactics and procedures to compromise exposed and vulnerable entities. RDP, Server Message Block (SMB), Telnet, and NetBIOS are high-risk services.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Failure to detect or block phishing attempts. <\/b><span style=\"font-weight: 400;\">Cyber actors send emails with malicious macros\u2014primarily in Microsoft Word documents or Excel files\u2014to infect computer systems. 
Initial infection can occur in a variety of ways, such as when a user opens or clicks a malicious download link, PDF, or macro-enabled Microsoft Word document included in phishing emails.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Poor endpoint detection and response. <\/b><span style=\"font-weight: 400;\">Cyber actors use obfuscated malicious scripts and PowerShell attacks to bypass endpoint security controls and launch attacks on target devices. These techniques can be difficult to detect and protect against.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The Alert reviews many recommended mitigations to include those associated with control access (including the use of a Zero Trust security model), credential hardening, more robust and comprehensive centralized log management, the use of antivirus programs, detection tools (endpoint and intrusion), regular search and assessment of vulnerabilities (penetration testing), and rigorous configuration management programs.<\/span><\/p>\n<h3><b>Threat Actors Leverage DNS in the Attack Chain<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The song remains the same. Threat actors frequently use DNS to support malware infiltration, command and control, and attack execution. DNS is continually used to set up and execute attack chains. The attack may involve DNS queries when the victim\u2019s system is compromised and infected. DNS is almost always used when an infected system communicates with the command and control (C&amp;C) servers.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Core networking services such as DNS are central to network security defense and protection. 
Advanced, real threat analytics such as those found in BloxOne Threat Defense, focused on DNS services, are critical to identifying and preventing many of these DNS-based attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Threat intelligence is an important part of the defensive mix. Threat intelligence can bring you a very current set of malicious hostnames, domains, and IP addresses that your DNS servers can use to detect and block command and control (C&amp;C) communications to malicious destinations. Advanced techniques such as behavioral analytics and machine learning on real-time DNS queries can rapidly detect and stop zero-day DNS tunneling, DGA, data exfiltration, Fast Flux, lookalike domains, and more. Infoblox DDI (DNS, DHCP, IPAM database) data has valuable information about device activity and actionable network context (like what type of device it is, where it is in the network, who it is assigned to, and its lease history). This information can be used for essential visibility into ongoing attacks and for remediation strategy.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Visibility is also key. BloxOne Threat Defense leverages DDI (DNS, DHCP, IPAM database) to provide pervasive asset visibility and awareness. BloxOne Threat Defense does this by using additional contextual info on a compromised system such as location in the network, type of device, and an audit trail of all activity from that system. 
This helps administrators quickly identify systems that are attempting to reach suspicious and potentially malicious destinations and take quick action to mitigate those threats.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The integration of data with SIEM and SOAR infrastructure can provide significant reductions in time for the detection of threats and the automation of incident response.\u00a0 When Infoblox detects something malicious, a new device, or virtual workload on the network, it automatically shares that event information and context with existing security infrastructures like endpoint EDR, SIEM, SOAR, and other solutions. This data can trigger the security tools to prevent access to the network or scan for vulnerabilities until it is deemed compliant with policy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For more information on BloxOne Threat Defense: <\/span><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The full text of <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-137a\"><span style=\"font-weight: 400;\">CISA Alert AA22-137A can be found here<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To know more, please reach out to us directly via <\/span><a href=\"https:\/\/info.infoblox.com\/contact-form\/\"><span style=\"font-weight: 400;\">https:\/\/info.infoblox.com\/contact-form\/<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7683 size-full\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/shields-up.png\" alt=\"\" width=\"512\" height=\"137\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/shields-up.png 
512w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/shields-up-300x80.png 300w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Russia\u2019s invasion of Ukraine could impact organizations both within and beyond the region, to include <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/russia\"><span style=\"font-weight: 400;\">malicious cyber activity<\/span><\/a><span style=\"font-weight: 400;\"> against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization\u2014large and small\u2014must be prepared to respond to disruptive cyber incidents. As the nation\u2019s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Organizations should report anomalous cyber activity and\/or cyber incidents 24\/7 to report@cisa.gov or (888) 282-0870.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This CISA Alert reviews many weak security controls and the techniques and procedures routinely used for initial access. This Alert was co-authored by cybersecurity authorities of the United Kingdom (NCSC-UK), Canada (CCCS), New Zealand (NCSC-NZ), the Netherlands National Cyber Security Center, and the United States (CISA, NSA, and the FBI). 
The following techniques (in MITRE [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":668,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[519,710,361,711,712,713,30,360,228],"class_list":{"0":"post-7821","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-mitre","9":"tag-network-security-controls","10":"tag-network-security","11":"tag-mfa","12":"tag-vpn","13":"tag-attack-chain","14":"tag-dns","15":"tag-dns-security","16":"tag-bloxone-threat-defense","17":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Weak Security Controls and Practices Routinely Exploited for Initial Access<\/title>\n<meta name=\"description\" content=\"Weak Security Controls and Practices Routinely Exploited for Initial Access. This CISA Alert reviews many weak security controls and the techniques and procedures routinely used for initial access. 
This Alert was co-authored by cybersecurity authorities of the United Kingdom (NCSC-UK), Canada (CCCS), New Zealand (NCSC-NZ), the Netherlands National Cyber Security Center, and the United States (CISA, NSA, and the FBI).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weak Security Controls and Practices Routinely Exploited for Initial Access\" \/>\n<meta property=\"og:description\" content=\"Weak Security Controls and Practices Routinely Exploited for Initial Access. This CISA Alert reviews many weak security controls and the techniques and procedures routinely used for initial access. This Alert was co-authored by cybersecurity authorities of the United Kingdom (NCSC-UK), Canada (CCCS), New Zealand (NCSC-NZ), the Netherlands National Cyber Security Center, and the United States (CISA, NSA, and the FBI).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-09T15:38:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-12T16:09:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/security-banner-3.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" 
content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"Weak Security Controls and Practices Routinely Exploited for Initial Access\",\"datePublished\":\"2022-06-09T15:38:24+00:00\",\"dateModified\":\"2023-10-12T16:09:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/\"},\"wordCount\":1386,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-3.jpg\",\"keywords\":[\"MITRE\",\"Network Security Controls\",\"Network Security\",\"MFA\",\"VPN\",\"Attack Chain\",\"DNS\",\"DNS Security\",\"BloxOne\u00ae Threat 
Defense\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/\",\"name\":\"Weak Security Controls and Practices Routinely Exploited for Initial Access\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-3.jpg\",\"datePublished\":\"2022-06-09T15:38:24+00:00\",\"dateModified\":\"2023-10-12T16:09:38+00:00\",\"description\":\"Weak Security Controls and Practices Routinely Exploited for Initial Access. This CISA Alert reviews many weak security controls and the techniques and procedures routinely used for initial access. 
This Alert was co-authored by cybersecurity authorities of the United Kingdom (NCSC-UK), Canada (CCCS), New Zealand (NCSC-NZ), the Netherlands National Cyber Security Center, and the United States (CISA, NSA, and the FBI).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-3.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-3.jpg\",\"width\":660,\"height\":454},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/weak-security-controls-and-practices-routinely-exploited-for-initial-access\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Weak Security Controls and Practices Routinely Exploited for Initial 
Access\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy 
consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->"}