Intelligent CISO Issue 01 | Page 28

Editor's question

Morey J Haber, Chief Technology Officer, BeyondTrust

While there is no shortage of seminars, articles and vendor solutions outlining best practices to mitigate the threats of ransomware and modern cyber extortion threats like malware-based crypto-mining, there is no single solution to protect against all threats. If there was, wouldn't we all be implementing it, and the manufacturer be the most profitable vendor?
There are multiple steps and best practices that can mitigate this growing problem, and we just need to stop, listen and do them better, not necessarily go out and buy another tool.
To that end, consider these five recommendations that cover all the families of ransomware and modern cyber extortion tools. If you can do these five well, you can mitigate the vast majority of risk from these escalating attack vectors.
1. End User Education: The average user may not be able to tell the difference between a regular email, a phishing attack or a spear phishing attack. They do, however, understand that if you click on the wrong thing, you may lose all your work and files or infect your computer. If you can translate the threat of ransomware into terms the average user can understand and remember, then the human element of social engineering can have some definable mitigation strategy.
2. Secure Backups: The worst-case scenario is that you do become infected with cyber-extortion-based malware. If you follow law enforcement's recommendations, you should not pay the ransom. So how do you recover? The answer is secure backups. While this recommendation is not preventative, it is the only one that can help you when all else fails. All data should be backed up and, most importantly, secured.
3. Disable Macros: Some newer extortion-based malware is taking cues from older computer viruses that leverage Microsoft Office macros. This one isn't easy to resolve, because many of our spreadsheets and documents depend on macros to satisfy business requirements. For example, a recent addition to the long list of ransomware is 'PowerWare'. It arrives through a phishing email and contains an infected Word attachment. The document contains a malicious macro which then calls a PowerShell script that carries out the payload. This email is nasty because Word and PowerShell are very common and approved applications at almost every organisation. The setting 'disable all macros except digitally signed macros', found within the Trust Centre settings, will prevent a macro without a valid certificate from a trusted certificate authority from executing.
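The Trust Centre setting named above is stored in the registry as the VBAWarnings value, which Group Policy also uses. The following PowerShell script is an added example, not code from the article or from BeyondTrust: it reports the effective macro setting for Word, Excel and PowerPoint and, with -Enforce, writes the "digitally signed only" value into the policy key. It assumes an Office 2016/2019/365 installation (version key 16.0) and runs in the context of the user being checked.

```powershell
# Added example: audit (and optionally enforce) "Disable all macros except
# digitally signed macros" for the current user's Office applications.
# Assumptions: Office version key 16.0; HKCU is the hive of the user to check.
param(
    [switch]$Enforce   # without -Enforce the script only reports
)

$apps    = @('Word', 'Excel', 'PowerPoint')
$version = '16.0'

# Meaning of the VBAWarnings values as shown in the Trust Centre UI.
$meaning = @{
    1 = 'Enable all macros (not recommended)'
    2 = 'Disable all macros with notification (application default)'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {
    param([string]$App)
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$version\$App\Security"
    $userKey   = "HKCU:\Software\Microsoft\Office\$version\$App\Security"
    # A policy value overrides whatever the user chose in the Trust Centre.
    foreach ($key in @($policyKey, $userKey)) {
        $value = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        if ($null -ne $value) {
            return [pscustomobject]@{
                App = $App; Source = $key; VBAWarnings = $value; Meaning = $meaning[[int]$value]
            }
        }
    }
    # No value anywhere means the application default (2) is in effect.
    return [pscustomobject]@{ App = $App; Source = '(default)'; VBAWarnings = 2; Meaning = $meaning[2] }
}

function Set-SignedMacrosOnly {
    param([string]$App)
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$version\$App\Security"
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    # 3 = disable all macros except digitally signed macros
    Set-ItemProperty -Path $policyKey -Name VBAWarnings -Value 3 -Type DWord
}

foreach ($app in $apps) {
    $current = Get-MacroSetting -App $app
    $current | Format-Table -AutoSize
    # Values 1 and 2 allow unsigned macros to run (2 after a single click);
    # 3 and 4 do not, so only the weaker settings are flagged.
    if ($current.VBAWarnings -lt 3) {
        Write-Warning "$app allows unsigned macros: $($current.Meaning)"
        if ($Enforce) {
            Set-SignedMacrosOnly -App $app
            Write-Host "$app now set to: $($meaning[3])"
        }
    }
}
```

Writing to the HKCU Policies key mirrors what the "VBA Macro Notification Settings" Group Policy does for a single user; in an organisation the same value should be deployed centrally through Group Policy so that users cannot change it back in the Trust Centre.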
4. Remediation: As if the thought of an anglerfish is not frightening enough, an exploit kit sharing the same name targets older versions of Flash and Silverlight. According to the Verizon Data Breach Report, 99% of attacks target known vulnerabilities. Even though this specific vulnerability has been patched, many organisations do not patch and verify third-party applications regularly, let alone the operating system itself. It is important to have a regular schedule to assess your environment for vulnerable software and a reliable process to remediate any findings.
5. Standard User Privileges: Ransomware spreads by leveraging the user's privileges to infect files that are within scope. If the user only has standard user rights, the only files visible are the ones they may have locally or via a network share. While the scope of this may be large, it can be much worse if the user has administrator privileges. If you reduce a user's privilege to standard user, ransomware that tries to install a persistent presence is generally thwarted because it does not have the privileges to install files or drivers, or even to write to protected areas of the registry, unless it leverages an exploit to escalate privileges.
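The first step towards recommendation 5 is knowing which interactive accounts currently hold administrator rights. The script below is an added example, not code from the article or from BeyondTrust: it lists the members of the local Administrators group, separates the built-in Administrator account and group memberships from individual user accounts that should be reviewed, and reports whether the account running the script is itself elevated. It assumes the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later).

```powershell
# Added example: report local administrator rights on this machine so that
# day-to-day users can be moved to standard user accounts.
# Assumption: Microsoft.PowerShell.LocalAccounts module is available.

function Get-LocalAdminReport {
    $members = Get-LocalGroupMember -Group 'Administrators'
    foreach ($m in $members) {
        # The built-in Administrator account always has a SID ending in -500.
        $isBuiltIn = $m.SID.Value -like 'S-1-5-21-*-500'
        [pscustomobject]@{
            Name         = $m.Name
            Type         = $m.ObjectClass      # User or Group
            Source       = $m.PrincipalSource  # Local, ActiveDirectory, AzureAD, MicrosoftAccount
            BuiltInAdmin = $isBuiltIn
            # Individual (non built-in) user accounts in Administrators are the
            # ones a least-privilege review should look at first.
            ReviewNeeded = (-not $isBuiltIn) -and ($m.ObjectClass -eq 'User')
        }
    }
}

function Test-CurrentUserElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$report = Get-LocalAdminReport
$report | Format-Table -AutoSize

$toReview = @($report | Where-Object ReviewNeeded)
Write-Host ("{0} user account(s) hold local administrator rights and should be reviewed." -f $toReview.Count)
Write-Host ("Account running this script is elevated: {0}" -f (Test-CurrentUserElevated))
```

Run the report across the estate (for example through a scheduled task that writes the output to a central share) to find machines where everyday users are still local administrators; those are the users whose ransomware infection would be able to install drivers, services and persistence rather than only encrypting the files they can already reach.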
As we see a disturbing increase in cyber extortion malware, basic cybersecurity hygiene is the best defence against your organisation becoming the next victim. There is no magic button, no simple tool, nor any one strategy that can stop this escalation of threats. But if you can follow these five basic security recommendations, your organisation can greatly minimise the risk of being the next victim.