The Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Coast Guard (USCG) conducted a cybersecurity hunt at a critical infrastructure organization. This advisory shares their findings to help other organizations improve their security posture. Although no malicious activity was discovered, several cybersecurity risks were identified. These included insufficient logging, insecurely stored credentials, and shared local administrator credentials. The organization also had unrestricted remote access for local admin accounts. Furthermore, there was insufficient network segmentation between IT and operational technology (OT) assets, along with several device misconfigurations.

Recommendations for mitigation were provided, aligning with CISA and NIST Cybersecurity Performance Goals. Key mitigations involve securely managing credentials, avoiding plaintext storage, and enforcing the principle of least privilege. Organizations are urged to implement these measures to prevent potential compromises. Unique administrator passwords and multifactor authentication for all administrative access are crucial. Strict policies should be enforced for accessing OT networks, using hardened bastion hosts. Comprehensive and detailed logging across all systems is also recommended.
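The four risk classes the hunt reported (shared local administrator credentials, plaintext credential storage, IT-to-OT access that bypasses a bastion host, and hosts without logging) can each be checked mechanically against an asset inventory. The script below is an added example written for this summary; it is not CISA or USCG tooling, and the inventory, firewall rules, configuration fragment and host names are constructed sample data. It stands in for the stored local-admin password with a hash string so that reuse shows up as identical values across hosts, which is what unique per-host passwords (for example via a LAPS-style solution) are meant to prevent.

```python
"""Audit a small asset inventory for the risk classes named in the advisory."""
import re
from collections import defaultdict

# Constructed sample inventory (not from the advisory). admin_hash is the
# stored hash of each host's local administrator password; equal values mean
# the same password is reused across hosts.
INVENTORY = [
    {"host": "it-ws-07",   "zone": "IT",  "admin_hash": "3f7c9e", "logging": True},
    {"host": "it-fs-01",   "zone": "IT",  "admin_hash": "3f7c9e", "logging": True},
    {"host": "ot-hmi-01",  "zone": "OT",  "admin_hash": "3f7c9e", "logging": False},
    {"host": "ot-eng-02",  "zone": "OT",  "admin_hash": "b81d22", "logging": False},
    {"host": "bastion-01", "zone": "DMZ", "admin_hash": "c0ffee", "logging": True},
]

# Constructed firewall rules: (source host, destination host, TCP port).
ALLOWED_FLOWS = [
    ("it-ws-07", "ot-hmi-01", 3389),    # RDP straight from an IT workstation into OT
    ("bastion-01", "ot-hmi-01", 3389),  # RDP via the hardened bastion host
    ("bastion-01", "ot-eng-02", 22),
    ("it-fs-01", "it-ws-07", 445),
]

# Constructed configuration fragment containing one credential stored in plaintext.
CONFIG_TEXT = """\
[historian]
server = ot-hist-01
user = svc_historian
password = Summer2024!
[backup]
user = svc_backup
password_file = /etc/backup/creds.enc
"""

# Keys that assign a literal secret. "password_file = ..." does not match because
# the key name is followed by "_file", not by "=" or ":".
CRED_RE = re.compile(r"^\s*(password|passwd|pwd|secret|api_key)\s*[=:]\s*(\S+)", re.I)


def shared_local_admin(inventory):
    """Return {hash: [hosts]} for every local admin hash seen on more than one host."""
    by_hash = defaultdict(list)
    for rec in inventory:
        by_hash[rec["admin_hash"]].append(rec["host"])
    return {h: hosts for h, hosts in by_hash.items() if len(hosts) > 1}


def plaintext_credentials(text):
    """Return (line_number, key) for each line that assigns a literal secret value."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = CRED_RE.match(line)
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


def ot_access_bypassing_bastion(inventory, flows, bastions=("bastion-01",)):
    """Return flows that reach an OT host from outside OT without going through a bastion."""
    zone = {rec["host"]: rec["zone"] for rec in inventory}
    return [
        (src, dst, port) for src, dst, port in flows
        if zone.get(dst) == "OT" and zone.get(src) != "OT" and src not in bastions
    ]


def hosts_without_logging(inventory):
    """Return the sorted list of hosts that do not forward logs."""
    return sorted(rec["host"] for rec in inventory if not rec["logging"])


def audit(inventory=INVENTORY, flows=ALLOWED_FLOWS, config_text=CONFIG_TEXT):
    """Run all four checks and return the findings keyed by risk class."""
    return {
        "shared_local_admin": shared_local_admin(inventory),
        "plaintext_credentials": plaintext_credentials(config_text),
        "ot_access_bypassing_bastion": ot_access_bypassing_bastion(inventory, flows),
        "no_logging": hosts_without_logging(inventory),
    }


if __name__ == "__main__":
    for name, finding in audit().items():
        print(f"{name}: {finding}")
```

On the constructed data the audit reports one password shared by three hosts spanning the IT and OT zones, one plaintext `password =` line in the historian section, one RDP rule from an IT workstation directly into an OT HMI, and two OT hosts that send no logs. In a real environment the inventory would come from the endpoint management system and the flows from the firewall rule base, but the checks themselves stay the same.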