The term “cyberattack” brings to mind malware, social engineering, network vulnerabilities or unpatched endpoints. But how do malicious actors manage to unleash their attack kill-chain in the first place? What is it that opens the gates to exploiting a weakness and breaching the infrastructure? With human error behind most successful attacks, perhaps we should look not beyond these culprits, but behind them.
Misconfigurations are a common cybersecurity gap. Security experts agree that configuration errors in privileges, endpoint settings and internet settings, risky services needlessly enabled, and bad access control configurations are leading causes of cybersecurity incidents, especially in small and medium business environments like the ones protected by managed service providers (MSPs).
Misconfigurations enable bad actors to abuse IT administrators’ oversights within days, hours, and even minutes in some cases. If it takes longer than a day to fix a system misconfiguration, adversaries have the leverage they need to deploy a full-fledged attack and penetrate the targeted infrastructure in what first looked like a very small window of opportunity.
More than a quarter of organizations cite configuration management as one of the greatest challenges in securing endpoint devices. In fact, endpoint misconfiguration represents 27% of the threat entry points exploited by attackers.
Security teams are overwhelmed with reactive, repetitive tasks such as vulnerability management, incident triage and patching. Therefore, security misconfigurations are a lucrative attack avenue – bad actors know IT engineers who lack automation are always kept on their toes. Security teams require the means to assess risk and rapidly remediate configuration issues without disruption to IT systems.
“Why are security misconfigurations a common attack vector? Because bad actors know IT engineers typically lack automation and they are always on their toes, scooping out water from a leaking boat,” says Bogdan Botezatu, Director of Threat Research and Reporting, Bitdefender.
Misconfigurations are a granular affair, which means IT reps are constantly overburdened. Examples are plentiful: unintended default accounts using default credentials; open, unnecessary ports; User Account Control (UAC) that is insecure or disabled; advanced protection that is disabled; automatic login that is, dangerously, enabled, or no-autorun settings that are disabled; insecure guest logon that is enabled; and, of course, misconfigured privileges.
Based on up-to-date telemetry, Bitdefender has released a free whitepaper that looks at the top 5 areas where IT departments, like those operated by MSPs, struggle with misconfigurations. Highlights include:
- Malicious actors gain entry through endpoint misconfigurations 27% of the time
- Misconfigurations related to accounts, password storage and password management are the most common individual endpoint misconfigurations
- Of the most common areas of endpoint misconfigurations, most errors are found in the Internet Settings category
- Configuration errors related to Windows Remote Management top the list of misconfigurations in Microsoft components
- Endpoint risk analytics enables administrators to reduce the attack surface, limiting potential compromise while providing visibility into risks associated with misconfiguration
Learn how to enable your security team to plug these holes efficiently, with minimal effort and no impact on business operations. Download our free whitepaper: “Top 5 Endpoint Misconfigurations That Open Security Gaps.”
For more details on how MSPs can better manage endpoint configuration risks, tune in to this webinar.