By John Oncea, Digital Editorial Director
In the past week I received press releases letting me know that biometric hacking and cloud attacks are among the top cyberthreats for 2019, and that the Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) and the FBI are issuing an activity alert to inform computer network defenders of increased threats from SamSam ransomware.
The future — heck, the present — is a wondrous and frightening place.
As an MSP you are no doubt aware of all this, but let’s take a second and look at some bullet points associated with the two news items I reference above.
Biometric Hacking And Cloud Attacks Among Top Cyberthreats For 2019
First up, biometric hacking which is, according to Experian’s sixth annual Data Breach Industry Forecast, when attackers zero in to expose vulnerabilities in touch ID sensors, facial recognition, and passcodes. According to Experian, “Biometric data is considered the most secure method of authentication, but it can be stolen or altered, and sensors can be manipulated and spoofed or deteriorate with too much use.”
Experian’s other four data breach predictions for 2019 are:
- Skimming is the next frontier for an enterprise-wide attack on a major financial institution’s national network, which could result in millions in losses.
- A major wireless carrier will be attacked with a simultaneous effect on both iPhones and Android, stealing personal information from millions of consumers and possibly disabling all wireless communications in the U.S.
- It’s a matter of when, not if, a top cloud vendor will suffer a breach, compromising the sensitive information of major companies.
- The online gaming community will be an emerging hacker target, with cybercriminals posing as gamers and gaining access to the computers and personal data of trusting players.
“Hackers have become very nimble at outsmarting protection measures. Cybercriminals always seem to stay a step ahead of new security gates,” said Michael Bruemmer, vice president of Data Breach Resolution at Experian.
The SamSam ransomware reference made in the introduction to this article marries up with the findings of the SophosLabs 2019 Threat Report. This report found, “SamSam’s unexpectedly high return on investment spawned a number of copycat attackers who use manual techniques to break in to victim networks.” And it’s working: SamSam ransom payments surpassed $6.5 million this year with no end in sight.
Again, scary stuff, but also an opportunity. Vendors are capitalizing — in mid-November Sophos announced the general availability of Sophos XG Firewall 17.5, which extends Sophos’ Synchronized Security features and works alongside Sophos Intercept X Advanced with EDR to stop threats from moving laterally or spreading across the network.
The question I have is: have you capitalized on this opportunity? If cybersecurity isn’t on your line card, you’re missing the boat. And if it isn’t front and center on your line card, well, you’re missing another boat.
Look, at a minimum you should be encouraging the users and administrators you work with to consider the following best practices to strengthen the security posture of their organization's systems. And while I wish I could take credit for this list, I give full props to NCCIC. And, as always, be sure to review any configuration changes before implementation to avoid unwanted impacts.
- Audit the network for systems that use RDP for remote communication. Disable the service if unneeded or install available patches. Users may need to work with their technology vendors to confirm that patches will not affect system processes.
- Verify all cloud-based virtual machine instances with public IPs have no open RDP ports, especially port 3389, unless there is a valid business reason to keep open RDP ports. Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access that system.
- Enable strong passwords and account lockout policies to defend against brute force attacks.
- Where possible, apply two-factor authentication.
- Regularly apply system and software updates.
- Maintain a good back-up strategy.
- Enable logging and ensure that logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
- When creating cloud-based virtual machines, adhere to the cloud provider’s best practices for remote access.
- Ensure that third parties that require RDP access follow internal policies on remote access.
- Minimize network exposure for all control system devices. Where possible, disable RDP on critical devices.
- Regulate and limit external-to-internal RDP connections. When external access to internal resources is required, use secure methods such as VPNs. Of course, VPNs are only as secure as the connected devices.
- Restrict users' ability (permissions) to install and run unwanted software applications.
- Scan for and remove suspicious email attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
- Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
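Several of the items above come back to the same thing: RDP exposed to the internet gets password-guessed, and the logs are where you find out. As an added example (not from the NCCIC alert or this article), here is a small detector that runs over Windows Security events exported as JSON lines and flags source IPs with a burst of failed RDP logons (Event 4625, logon type 10), noting whether a successful logon (Event 4624) from the same IP followed. The sample events, field names and IP addresses are constructed for the demonstration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Windows Security events exported as JSON lines (IPs are documentation ranges).
# Event 4625 = failed logon, 4624 = successful logon; logon_type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """
{"time": "2018-12-03T02:14:01", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.45"}
{"time": "2018-12-03T02:14:09", "event_id": 4625, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.45"}
{"time": "2018-12-03T02:14:20", "event_id": 4625, "logon_type": 3, "user": "administrator", "src_ip": "203.0.113.45"}
{"time": "2018-12-03T02:14:31", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.45"}
{"time": "2018-12-03T02:15:02", "event_id": 4625, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.45"}
{"time": "2018-12-03T02:15:40", "event_id": 4625, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.45"}
{"time": "2018-12-03T02:16:12", "event_id": 4624, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.45"}
{"time": "2018-12-03T02:30:00", "event_id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "198.51.100.7"}
{"time": "2018-12-03T02:31:10", "event_id": 4624, "logon_type": 10, "user": "jsmith", "src_ip": "198.51.100.7"}
{"time": "2018-12-03T02:35:00", "event_id": 4624, "logon_type": 2, "user": "jsmith", "src_ip": "-"}
"""

def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect_rdp_brute_force(events, threshold=5, window_minutes=5):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window,
    and note whether a successful RDP logon from that IP followed the burst."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(list)   # src_ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # src_ip -> account names attempted
    alerts = {}                  # src_ip -> summary
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e.get("logon_type") != 10:          # only RemoteInteractive (RDP) logons
            continue
        t = datetime.fromisoformat(e["time"])
        ip = e["src_ip"]
        if e["event_id"] == 4625:
            tried[ip].add(e["user"])
            recent[ip] = [f for f in recent[ip] if t - f <= window] + [t]
            if len(recent[ip]) >= threshold:
                a = alerts.setdefault(ip, {"peak_failures": 0, "users": tried[ip],
                                           "success_after": False})
                a["peak_failures"] = max(a["peak_failures"], len(recent[ip]))
        elif e["event_id"] == 4624 and ip in alerts:
            alerts[ip]["success_after"] = True  # password guessing followed by a valid logon
    return alerts

if __name__ == "__main__":
    for ip, a in detect_rdp_brute_force(parse_events(SAMPLE_EVENTS)).items():
        print(ip, a)
```

The network logon (type 3) and console logon (type 2) are ignored on purpose; a real deployment would feed the same logic from the SIEM or from the exported event log rather than an inline string.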
There's a great deal of hype around MSPs transitioning to MSSPs (managed security service providers). Truth is, there's no distinction. If you're providing IT services, no matter the acronym you choose to define your business model, client IT security is your responsibility.