Contact us
Blog
Subscribe

Common infrastructure issues - 2022

by Benjamin Svensson 2022-12-14

At Assured - in our penetration testing and advisory assignments - we've noticed that our customers have become increasingly interested in testing and securing their infrastructure. Based on these experiences, we want to share the five most common security issues that we've seen during 2022.

1. Excessive use of Domain Accounts

The use of Domain Admins as normal administrative accounts is one of the common issues we encounter. This is a major security risk, as it gives attackers a single point of entry into an organization's network. We strongly recommend that our customers stop using Domain Admins as normal administrative accounts and instead implement the principle of least privilege.

2. Lack of network access control

Another issue we often see is that organizations implement network segmentation but don't implement restrictions between subnets. This may allow an attacker to move laterally throughout the network once they've gained an initial foothold. To address this, we recommend implementing access control lists (ACL) or firewall rules to restrict access between subnets.

3. No detection in place

Another concerning trend is the lack of detection mechanisms. Without proper detection, organizations are flying blind and may not even realize that they've been hacked until it's too late. To combat this, we recommend implementing a robust detection and response strategy, including regular testing and the use of security tools such as intrusion detection and prevention systems (IDS, IDP). However, we advise to refrain from aiming too high right away, instead starting with small detection mechanisms to identify the use of Domain Admin accounts, access to sensitive systems from unexpected sources, etc.

4. Bad password policy (and no multi-factor authentication)

We also often see poor password policies and administrators creating weak passwords which are easy for attackers to guess. To address this, we recommend implementing strong password policies that require the use of complex/long passwords (where length > complexity) and multi-factor authentication. You may introduce a password manager to help users manage strong passwords for services.

5. Unpatched services

Finally, we frequently encounter unpatched services which can leave organizations vulnerable to known vulnerabilities with public exploits. To address this we recommend implementing regular patch management and keeping all services up to date with the latest security updates.

Conclusion

The year 2022 has seen an increased ambition by our customers to test and secure their infrastructure. While this is a positive development, we still see a number of common issues that need to be addressed. By implementing the recommendations above, organizations can improve their security posture and better protect themselves from potential attacks.

Contact us us if you are interested in our penetration testing or adversary simulation (red/purple team) services.

Blog

2023 Retrospective: Web and Mobile Application Security

A 2023 retrospective by Assured Security Consultants on performed web application penetration tests, ...

Blog

2023 Retrospective: IT Infrastructure and Active Directory Security

A 2023 retrospective by Assured Security Consultants on security assessments conducted, highlighting key IT infrastructure and Active Directory vulnerabilities, the impact of new regulations, and strategies for a more secure future.

Blog

Application Security Assessment 101

An introduction to what an application security assessment is and how it is performed.

More blog posts

Services

Penetration test

Adversary simulation

Code review

Threat Landscape Assessment (TLA)

Advisory

Training

Threat & Risk

Areas

Application Security

Mobile App Security

Infrastructure

Automotive Security

Embedded Security

Cryptography

 

About Assured

Careers

Publications

Blog

 

© 2023 Assured AB