While sophisticated cyber-incidents like the Equifax breach in 2019 and the recent SolarWinds hack dominate news headlines and keep CISOs up at night, simple misconfigurations by IT managers are actually among the most lucrative attack avenues for cybercriminals. Misconfiguration-borne attacks are regarded as the low-hanging fruit of cybercrime, as organizations often neglect to apply systematic hardening processes and policies to properly close entry points. Research by ESG shows that endpoint misconfiguration accounts for 27 percent of entry points exploited to gain access into environments by attackers.
Malicious actors thrive by capitalizing on unsecured hardware, employees with unnecessary access to critical company resources, unpatched vulnerabilities, false alert storms, and others. As organizations move their workloads to the cloud, the chance for misconfigurations increases while visibility of threats diminishes, further compounding the issue.
Top misconfigurations used to breach organizations
To do their job well, security teams must assess risk and rapidly remediate configuration errors without disrupting IT systems. However, that’s easier said than done.
Overburdened, under-resourced and typically understaffed, IT administrators frequently misconfigure OS-related applications and components. Common IT errors crop up in Microsoft Office, SharePoint, ACTIVE_X, and Windows Remote Management (WinRM). The COVID-19 pandemic has pushed remote access vulnerabilities and misconfigurations to the forefront of cybersecurity as a favored attack vector. Unsurprisingly, configuration errors related to WinRM now rank highest among misconfigurations in Microsoft software.
WinRM allows a user to interact with a remote system, run an executable (such as deploy malware), modify the registry, or modify services, making it an area of great concern. Improper configuration of WinRM can often lead to a devastating cyber incident.
Bitdefender data shows that misconfigurations related to accounts, password storage and password management on endpoint are the most commonly misconfigured with a 12.5 percent share.
A misconfigured account opens the door to account takeover, spear phishing/BEC compromise, lateral movement, malware infection and data leaks. Most ransomware incidents occur because of a misconfigured component, an unpatched vulnerability or a successful social engineering scheme. Since ransomware attacks today are synonymous with data breaches, organizations risk multiple levels of extortion – because of a single misconfiguration or IT-related oversight.
Reducing the attack surface
To address the challenges of ensuring configurations are accurate and up-to-date, enterprises need integrated endpoint configuration risk analysis at the heart of their security operations. This provides key visibility and automated remediation.
Most endpoint protection platforms fail to assess risks associated with misconfiguration, forcing security teams to constantly react to trivial alerts and conduct repetitive, manual vulnerability management, incident triage, and patching.
To help organizations navigate through the dangerous waters of misconfigurations, Bitdefender offers solid support through advanced endpoint risk analytics, network analytics, cloud security and human risk assessment at the heart of its GravityZone security suite. The powerful platform enables security teams and administrators to minimize the attack surface, stop potential compromise and gain full visibility into risks associated with misconfigurations.
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.View all posts
Don’t miss out on exclusive content and exciting announcements!