Various national cybersecurity authorities have recently published a joint advisory that discloses what are the top 10 attack vectors most exploited by cybercriminals.
Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues. This advisory was coauthored by the cybersecurity authorities of the United States,,, Canada, New Zealand,, the Netherlands, and the United Kingdom.
The List of Top 10 Attack Vectors Most Exploited #1 Lack of Multi-Factor Authentication (MFA)
Account takeover can be prevented by enabling MFA. As the advisory reads, MFA is crucial in the fight against cybercrime, since Remote Desktop Protocol (RDP) is regarded as the most popular infection vector for ransomware.
#2 Privileges Not Properly Managed and Access Control Lists Packed with Errors
Without these practices properly implemented, access control rules cannot be enabled correctly and unauthorized entities (be it, users, or system processes) can achieve unauthorized access.
#3 Lack of Updates in the Software
Unpatched software may be a path for threat