Joint cyber security advisory on weak security controls and practices routinely exploited for initial access

May 17, 2022

CSE’s Canadian Centre for Cyber Security (Cyber Centre) joined cyber security partners from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), the Computer Emergency Response Team New Zealand (CERT NZ), the National Cyber Security Centre New Zealand (NCSC-NZ), the National Cyber Security Centre Netherlands (NCSC-NL), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) in issuing a joint Cybersecurity Advisory (CSA) to remind organizations of common exploits cyber threat actors utilize to gain initial access, or as part of other tactics to compromise a victim’s system.

These tactics are well known and have been flagged previously as items that could lead to compromises if they are not included as part of best cyber security practices. Mitigations include, but are not limited to:

  • Controling access
  • Hardening credentials
  • Establishing centralized log management
  • Using an antivirus
  • Employing detection tools
  • Operating services exposed on internet-accessible hosts with secure configurations
  • Keeping software updated

More information on this joint advisory

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: