“Stop these 10 things that make it easier for cybercriminals”

The techniques

In fact, they use five techniques to penetrate:

1. Abuse of publicly available applications

2. Abuse of Remote External Services

3. Phishing

4. Abuse of relationships of trust

5. Abuse of Valid Accounts

Mistakes

The document mentions the following errors that offer the criminals the possibility to apply the above methods:

1. Multi-factor authentication is not enforced

2. Access rights are not set correctly

3. The software is outdated

4. Using Default Login Information

5. Remote services (e.g. VPN) do not check for unauthorized use

6. There is no policy that enforces strong passwords

7. Cloud services are not configured correctly

8. Open doors allow criminals free access

9. Analysis of phishing attempts is missing

10. Missing detection on bypass security equipment.

The solutions

The document provides additional guidance on how these ten points can be addressed. One of the most important tips is to configure and enforce multi-factor authentication, especially when organizations deploy Remote Desktop Protocol (RDP). RDP security vulnerabilities are the most common route for ransomware smuggling.