Security News > 2022 > May > Cybersecurity agencies reveal top initial access attack vectors
"Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim's system," the joint advisory reads.
Attackers also have a few favorite techniques they regularly use to gain initial access to their victims' networks, including the exploitation of Internet exposed applications, leveraging external-facing remote services, phishing, abusing orgs' trust in their partners, and using stolen credentials.
These mistakes can prevent the enforcement of access control rules and could allow unauthorized users or system processes to be granted access to objects.
Unpatched software may allow an attacker to exploit publicly known vulnerabilities to gain access to sensitive information, launch a denial-of-service attack, or take control of a system.
Remote services, such as a virtual private network, lack sufficient controls to prevent unauthorized access.
Cyber actors use scanning tools to detect open ports and often use them as an initial attack vector.