You may have read our recent posts on the “whodunit” theories: who was behind the attacks on meat packing plants, managed service providers, and pipelines? Many of the theories point to Russia and China. These allegations have strained American relations with both countries, and President Biden recently warned that cyber attacks may lead to a “real shooting war.”
The “Real Shooting War”
Threatening troops on the ground as a response to cyber attacks is alarming. It also may not reflect what is actually happening. As mentioned in the past, ransomware as a service (RaaS) is a growing threat. In the RaaS model, a developer writes the ransomware and sells or leases it to distributors (often called affiliates), who pick their own targets and run the attacks however they see fit; the developer then takes a cut of every ransom paid. This is exactly what makes attribution hard. Artifacts in the developer's code may point to Russia, China, or any other country, and a developer who wants to frame someone else can plant those breadcrumbs deliberately. Meanwhile the affiliate who actually deployed the attack may be sitting in a third country altogether. So who would we start the “real shooting war” with?
Instead of focusing on attribution, American agencies, businesses, healthcare facilities, and educational institutions should focus on closing the security holes that cyber criminals exploit. Reducing those vulnerabilities greatly lowers the probability of a successful attack, regardless of where it originates.
The Vulnerabilities to Address
We know we need to do better. We need to look at our own networks for the security holes we are leaving open to attackers. Common examples are failing to remove employee credentials after staff leave, not using multi-factor authentication, and relying primarily on detect-and-respond security rather than prevention.
As discussed earlier this week, there are eight essentials of cyber threat prevention, the Essential Eight published by the Australian Cyber Security Centre. American home and business users are encouraged to review these eight steps and deploy them on their own networks immediately.
The Essential Eight
- Application whitelisting: Application whitelisting, also called allowlisting or application control, only allows known, trusted programs to execute; anything not on the list, including never-before-seen malware, is blocked by default. Where Australian organizations might turn to Airlock Digital, an Australian cybersecurity firm focused on application control, Americans can use PC Matic, an American cybersecurity firm focused on application control.
- Patching applications: Thanks to cloud-delivered updates, patch management has become far easier, so there is no excuse for not keeping third-party applications current. The Essential Eight's 48-hour target applies in particular to patches for vulnerabilities that are rated extreme risk or are already being exploited.
- Configuring MS Office macro settings: Disable macros in the Microsoft Office settings, and at minimum block macros in files downloaded from the Internet. In an organization, enforce this through Group Policy rather than per-user Trust Center settings, so that users cannot simply re-enable macros when a phishing document asks them to.
- Application hardening: This means putting tighter controls on the applications that are allowed to run, for example limiting which websites employees can reach, removing their ability to download and install software, and preventing them from changing security settings.
- Restricting administrative privileges: Organizations should audit who holds admin rights on the network. The audit shows who has access and who actually needs it, so that privileges can be removed accordingly. Admin accounts should also be kept separate from the accounts used for email and web browsing, since a phished admin account hands the attacker the whole network.
- Multi-factor authentication: Requiring a second factor in addition to the password, such as a code from an authenticator app or a hardware security key, greatly reduces the chance that a stolen password alone gives an attacker access to the network. SMS codes are better than nothing but are the weakest option, since they can be intercepted or redirected by SIM swapping; prioritize MFA on remote access (VPN, RDP, email) and on all administrative accounts.
- Patching operating systems: As with applications, operating systems can update automatically, and OS patches should be applied within 48 hours of availability.
- Daily backups: Back up important data, software and configuration settings every day, so that a ransomware attack or a hard drive/server crash costs at most a day of work. Keep at least one copy disconnected from the network, because ransomware routinely encrypts or deletes any backup it can reach, and test restoring from backups regularly; a backup that has never been restored is only a hope.
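As an added example (not from the original post or from PC Matic), the following Windows PowerShell script audits three of the items above on a single host: local Administrators group membership (restricting administrative privileges), enabled local accounts that have not logged on recently (the leftover-credentials problem from the previous section), and the per-user Office macro policy keys. The 90-day idle threshold and the Office 16.0 policy path are assumptions chosen for illustration. The Get-* functions only read; the optional Set-OfficeMacroPolicy function writes policy values under HKCU\Software\Policies, which normally requires an elevated prompt.

```powershell
# Added example, not from the original post. Windows PowerShell 5.1 or later.
# Assumptions: $StaleDays and the Office "16.0" policy path are illustrative values.

$StaleDays  = 90                               # assumption: idle this long = candidate for removal
$OfficeApps = 'Word', 'Excel', 'PowerPoint'    # apps whose macro policy is checked

# Restricting administrative privileges: who is in the local Administrators group?
function Get-LocalAdminAudit {
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

# Leftover credentials: enabled local accounts with no recent logon.
# LastLogon is $null for accounts that have never logged on; those are flagged as well.
function Get-StaleLocalAccounts {
    param([int]$Days = $StaleDays)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-LocalUser | Where-Object {
        $_.Enabled -and ((-not $_.LastLogon) -or ($_.LastLogon -lt $cutoff))
    } | Select-Object Name, Enabled, LastLogon, PasswordLastSet
}

# Configuring MS Office macro settings: read the Group Policy registry values.
#   VBAWarnings = 4                      -> "Disable all macros without notification"
#   blockcontentexecutionfrominternet = 1 -> block macros in files marked as downloaded from the Internet
function Get-OfficeMacroPolicy {
    foreach ($app in $OfficeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue   # $null if the key is absent
        [pscustomobject]@{
            App                 = $app
            VBAWarnings         = $p.VBAWarnings
            BlockInternetMacros = $p.blockcontentexecutionfrominternet
            Compliant           = ($p.VBAWarnings -eq 4 -and $p.blockcontentexecutionfrominternet -eq 1)
        }
    }
}

# Optional remediation for the macro item. Writing under HKCU\Software\Policies
# normally needs an elevated prompt; in a domain, set the same values via Group Policy instead.
function Set-OfficeMacroPolicy {
    foreach ($app in $OfficeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord
        Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
    }
}

# Read-only report; run Set-OfficeMacroPolicy separately once the findings have been reviewed.
Write-Host "== Local Administrators =="
Get-LocalAdminAudit | Format-Table -AutoSize
Write-Host "== Enabled local accounts idle more than $StaleDays days (or never logged on) =="
Get-StaleLocalAccounts | Format-Table -AutoSize
Write-Host "== Office macro policy =="
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

Running the report on every workstation and comparing the Administrators list against the people who actually need those rights is the audit the "Restricting administrative privileges" item calls for; any account in the stale list that belongs to a departed employee should be disabled rather than left enabled with a forgotten password.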