A joint security advisory issued by several national cybersecurity authorities has identified the ten attack vectors most exploited by threat actors.
These attack vectors include the failure to enable multi-factor authentication, improperly applied privileges or permissions and errors in access control lists, out-of-date software, and the use of vendor-supplied default configurations or default login usernames and passwords.
Others include the lack of sufficient control by remote services, failure to implement strict password policies, unprotected cloud services, open ports, misconfigured services, failure to detect or block phishing attempts, and poor endpoint detection and response.
The joint advisory highlights a list of security measures that organizations can take to eliminate poor security measures.
Security measures include the use of control access, hardened MFA credentials and standard password reset, centralized log management, and antivirus and detection tools (including intrusion detection and prevention systems).
The sources for this piece include an article in BleepingComputer.