{"id":2514,"date":"2020-06-08T13:20:21","date_gmt":"2020-06-08T05:20:21","guid":{"rendered":"https:\/\/greycortex.hk\/?p=2514"},"modified":"2020-06-08T13:23:04","modified_gmt":"2020-06-08T05:23:04","slug":"greycortex-ceo-on-how-to-minimize-the-risk-of-ransomware-attack","status":"publish","type":"post","link":"https:\/\/greycortex.hk\/zh\/2020\/06\/08\/greycortex-ceo-on-how-to-minimize-the-risk-of-ransomware-attack\/","title":{"rendered":"GREYCORTEX CEO ON HOW TO MINIMIZE THE RISK OF RANSOMWARE ATTACK"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"2514\" class=\"elementor elementor-2514\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-96cad9b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"96cad9b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5dd9f61\" data-id=\"5dd9f61\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-640f8bf elementor-widget elementor-widget-text-editor\" data-id=\"640f8bf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3>13+1 PRINCIPLES FOR THE SECURITY OF YOUR NETWORK<\/h3><p><strong><a href=\"https:\/\/en.wikipedia.org\/wiki\/Ransomware\">Ransomware<\/a><\/strong>\u00a0\u2013 a term that we were already aware of a few years ago but most of us rather took it as a \u201cnot-our-problem\u201d kind of thing. 
However, cybercriminals didn\u2019t see it the same way, and it was just a matter of time before that kind of extortionate vermin came to do harm in our land, too. And even though the attacks on\u00a0<strong><a href=\"https:\/\/www.radio.cz\/en\/section\/curraffrs\/cyber-attack-causes-major-disruptions-to-small-town-czech-hospital\">Bene\u0161ov Hospital\u00a0<\/a><\/strong>and\u00a0<strong><a href=\"https:\/\/www.radio.cz\/en\/section\/news\/okd-company-renews-mining-after-cyber-attack\">OKD<\/a><\/strong>\u00a0were not among the first ones, their coverage definitely raised awareness of the topic. Then, the emergence of coronavirus actually created new opportunities for phishing and\u00a0<strong><a href=\"https:\/\/www.greycortex.com\/cs\/blog\/ransomware-uz-radeji-koronavirus-prvni-dil\">ransomware<\/a><\/strong>\u00a0campaigns for cybercriminals, hugely supported by the massive transition of office workers to home office.<\/p><p>There have been many confirmed cyber attacks in Czechia alone in the past three months (the real number of organizations that fell victim to a cyber attack in Czechia is likely to be higher, as not all the information gets published):\u00a0<strong><a href=\"https:\/\/rmx.news\/article\/article\/czech-president-s-office-hacked-data-leaked-abroad-for-months\">Prague Castle Administration<\/a><\/strong>,\u00a0<strong><a href=\"https:\/\/www.healthcareitnews.com\/news\/europe\/cyberattack-czech-hospital-forces-tech-shutdown-during-coronavirus-outbreak\">University Hospital Brno<\/a><\/strong>,\u00a0<strong><a href=\"https:\/\/www.irozhlas.cz\/zpravy-domov\/pocitace-nemocnice-psychiatrie-kosmonosy-kyberutok-nukib_2003301855_aur\">Psychiatric Hospital Kosmonosy<\/a><\/strong>,\u00a0<strong><a href=\"https:\/\/zpravy.aktualne.cz\/domaci\/informacni-system-povodi-vltavy-napadli-hackeri\/r~fe9196b478d811eab115ac1f6b220ee8\/\">Vltava River Basin Management<\/a><\/strong>\u00a0and\u00a0<strong><a 
href=\"https:\/\/prazsky.denik.cz\/zpravy_region\/virus-pocitac-kyberneticky-utok-hacker-praha-3-mail-urad.html\">Prague 3 City District Administration<\/a><\/strong>. Recently, the medical company\u00a0<strong><a href=\"https:\/\/krebsonsecurity.com\/2020\/05\/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware\/\">Fresenius<\/a><\/strong>, which has branches in Czechia, has also been attacked.<\/p><p>Now that the topic of cybercriminals and the possibilities of protection against them is getting more publicity, it could come in useful to refresh a few rules which may significantly minimize the risk of an attack on your infrastructure. I\u2019m going to try to summarize them in this article without getting too technical and complex, so that anybody can understand. Hopefully, successfully \ud83d\ude42<\/p><p><img decoding=\"async\" data-recalc-dims=\"1\" class=\"alignnone size-medium wp-image-2517\" src=\"https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/internet-1862312_1920_0.jpg?resize=300%2C134&#038;ssl=1\" alt=\"\" width=\"300\" height=\"134\" srcset=\"https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/internet-1862312_1920_0.jpg?w=1920&amp;ssl=1 1920w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/internet-1862312_1920_0.jpg?resize=300%2C134&amp;ssl=1 300w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/internet-1862312_1920_0.jpg?resize=1024%2C456&amp;ssl=1 1024w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/internet-1862312_1920_0.jpg?resize=768%2C342&amp;ssl=1 768w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/internet-1862312_1920_0.jpg?resize=1536%2C684&amp;ssl=1 1536w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/internet-1862312_1920_0.jpg?resize=600%2C267&amp;ssl=1 600w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p><p><strong>Rule number 1<\/strong><br \/>Don\u2019t try to find a single 
solution to the whole area of cyber security \u2013 there\u2019s nothing like a \u201cSilver Bullet\u201d or \u201cHoly Grail\u201d (i.e. a single \u201ccover-it-all\u201d or \u201csave-it-all\u201d) solution. Simply not. Just as with cars, where a lot of different features increase safety (the car\u2019s construction itself ensures passive safety, then there are the safety belts, airbags, ABS and other electronic systems), it\u2019s their combination that makes you more likely to survive an accident, or get away without getting injured. The same applies to cyber security \u2013 it takes various \u201clayers\u201d of security and their correct combination to ensure the maximum degree of protection.<\/p><p><strong>Rule number 2<\/strong><br \/>Use up-to-date versions of operating systems and update them regularly \u2013 those \u201conce-in-a-blue-moon\u201d updates leave enough space for an attacker to use unpatched flaws to penetrate your infrastructure. If, for some serious reason, you really have to use operating systems after they reach end of life (i.e. their developer doesn\u2019t issue updates anymore), at least reserve a separate segment of the network for such devices and take special care of them; however, it\u2019s definitely better not to have such devices in the infrastructure at all. Don\u2019t forget to regularly update any other software you use \u2013 just like an out-of-date operating system, out-of-date applications can also lead to the infection of your infrastructure.<\/p><p><strong>Rule number 3<\/strong><br \/>Use a good-quality antivirus solution. Current antivirus software includes a lot of security mechanisms and their scope is rather vast, so they will help you prevent plenty of problems. 
Nevertheless, the same rule as with operating systems applies here \u2013 update, update, update!<\/p><p><strong>Rule number 4<\/strong><br \/>Don\u2019t trust the \u201cexperts\u201d who claim that it\u2019s enough to use common sense, not to open suspicious attachments and to behave sensibly \u201con the web\u201d to prevent infection \u2013 that\u2019s not true anymore. Modern malware can exploit unpatched flaws not only in operating systems but also in applications, and it can use them to get into your infrastructure without you knowingly performing any action (such as opening an email attachment).<\/p><p><strong>Rule number 5<\/strong><br \/>Your firewall and network elements also deserve your attention and regular updates. After all, firewalls and routers are also computers, i.e. hardware running specialized software. And since it\u2019s generally known, and experience has confirmed, that there\u2019s a flaw in every kind of software, it\u2019s vital to update such devices regularly, too. If you don\u2019t, you open yet another route into your infrastructure for attackers, just as we showed in practice at our conference\u00a0<strong><a href=\"https:\/\/channelworld.cz\/novinky\/greycortex-usporadala-prvni-rocnik-konference-greycortex-day-23486\">GREYCORTEX DAY<\/a><\/strong>, where we demonstrated an attack on a typical network infrastructure live.<\/p><p><strong>Rule number 6<\/strong><br \/>Unless necessary, don\u2019t work within the administrator account. 
It\u2019s not really needed for regular work, and if an attacker breaks through the security of a device on which you\u2019re logged on as an admin (most probably unnecessarily), you\u2019ll make their efforts much easier, as well as their way to your data (and possibly money).<\/p><p><img decoding=\"async\" data-recalc-dims=\"1\" class=\"alignnone size-medium wp-image-2518\" src=\"https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/ransomware-3998798_1920.jpg?resize=300%2C158&#038;ssl=1\" alt=\"\" width=\"300\" height=\"158\" srcset=\"https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/ransomware-3998798_1920.jpg?w=1920&amp;ssl=1 1920w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/ransomware-3998798_1920.jpg?resize=300%2C158&amp;ssl=1 300w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/ransomware-3998798_1920.jpg?resize=1024%2C538&amp;ssl=1 1024w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/ransomware-3998798_1920.jpg?resize=768%2C403&amp;ssl=1 768w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/ransomware-3998798_1920.jpg?resize=1536%2C806&amp;ssl=1 1536w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/ransomware-3998798_1920.jpg?resize=600%2C315&amp;ssl=1 600w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p><p><strong>Rule number 7<\/strong><br \/>If you use any kind of remote desktop at work, don\u2019t leave it on, nor permanently open to the Internet, as it\u2019s often the target of the initial stages of an attack and you practically leave\u00a0<strong><a href=\"https:\/\/martinhaller.cz\/bezpecnost\/postrehy-z-bezpecnosti-jak-se-nechat-hacknout-rdp-serverem\/\">the door to your infrastructure<\/a><\/strong>\u00a0open. 
In general, be careful about how your colleagues or suppliers working remotely connect, which permissions they have, which parts of the infrastructure they can access and how their connection to internal tools is secured. All this is linked to the following rule:<\/p><p><strong>Rule number 8<\/strong><br \/>Use only a VPN (Virtual Private Network) for external connection to the internal network. If you allow direct connection from the outside without using a VPN, sooner or later some attacker will abuse it. Don\u2019t forget to cancel disused VPN accounts, as there\u2019s always the danger of abuse of a long-forgotten access. This applies in general \u2013 if you grant anyone access to anywhere and they don\u2019t need it for work anymore, cancel it.<\/p><p><strong>Rule number 9<\/strong><br \/>Separate the visitor (i.e. publicly accessible) and internal \/ production parts of the infrastructure thoroughly and consistently. This doesn\u2019t only apply to guest Wi-Fi, but to any part of the infrastructure which can be freely accessed by unknown persons. A lot of attacks on internal infrastructure start with a \u201cvisit\u201d by an unwelcome guest from the publicly accessible part of the network.<\/p><p><strong>Rule number 10<\/strong><br \/>Cybercriminals keep improving and coming up with new ways of conveying harmful code to you and your colleagues, so it\u2019s useful to get informed regularly about new ways someone might try to trick you (or make you do something that will spread the infection) and about new dangers. It\u2019s definitely not a waste of time or money to take part in an interesting conference on such a topic or get regular training from companies that focus on prevention. You\u2019d have to invest a lot more time and money in removing the consequences of the actions of unknowing employees. 
Unfortunately, the human factor will always be the weakest link in the chain of cyber security, so it pays to regularly raise awareness of what may happen.<\/p><p><strong>Rule number 11<\/strong><br \/>If your colleagues work within your infrastructure on their own devices (so-called BYOD, Bring Your Own Device), you have to count on the\u00a0fact that you\u2019ll have to apply all the rules mentioned above to such devices, which is rather a big problem. One possible solution is granting these devices access only to a certain segment of the infrastructure, securing it properly and monitoring it, which may obviously be quite strenuous.<\/p><p><strong>Rule number 12<\/strong><br \/>If I don\u2019t understand something, I can\u2019t deal with it. If you don\u2019t have sufficient insight into the whole infrastructure and you don\u2019t have the possibility to monitor what\u2019s going on in it, the attacker is invisible to you and you\u2019re practically blind (until the attack shows in its full extent, i.e. in the case of ransomware, data encryption). That\u2019s why it\u2019s convenient to use an\u00a0<strong><a href=\"https:\/\/www.gartner.com\/en\/documents\/3902353\/market-guide-for-network-traffic-analysis\">NTA<\/a><\/strong>\u00a0solution (Network Traffic Analysis), such as our solution\u00a0<strong><a href=\"https:\/\/www.greycortex.com\/mendel\">GREYCORTEX MENDEL<\/a><\/strong>. These tools will not only allow you to see (down to the tiniest detail) which devices there are in your network and what\u2019s going on in them, but they will also enable you to get timely notifications in case there\u2019s suspicious or malicious activity in the infrastructure, thanks to the automatic analysis of all network traffic and continuous event correlation (if you\u2019re interested in more information, you\u2019ll find it\u00a0<strong><a href=\"https:\/\/www.greycortex.com\/advanced-threat-detection\">here<\/a><\/strong>). 
Obviously, it\u2019s necessary to process such notifications and remedy the flaws found, but that\u2019s well beyond this article. If there isn\u2019t an internal department dealing with cyber security, you can get SOC services (Security Operations Centre) from some of our\u00a0<strong><a href=\"https:\/\/www.greycortex.com\/partners\">partners<\/a><\/strong>\u00a0and leave this burden with them. You\u2019ll appreciate the NTA solution especially in case the attacker manages to\u00a0<strong><a href=\"https:\/\/martinhaller.cz\/bezpecnost\/muzete-se-na-svuj-antivirus-spolehnout\/\">disable your antivirus solution<\/a><\/strong>\u00a0or to get through your firewall (e.g. by hiding illegitimate, harmful traffic inside legitimate traffic and thus tricking the firewall), as they can\u2019t hide the signs of harmful behaviour from permanent analysis of network traffic. What\u2019s more \u2013 the NTA solution will help you with forensic analysis, i.e. the subsequent investigation of where the attack came from or how the infection got inside your infrastructure, which will help you detect and remove weak spots in security.<\/p><p>IN SHORT \u2013 WHAT ARE THE MAIN BENEFITS OF OUR NTA PRODUCT\u00a0<strong><a href=\"https:\/\/www.greycortex.com\/\">GREYCORTEX MENDEL<\/a><\/strong>\u00a0IN YOUR FIGHT WITH CYBER CRIMINALS?<\/p><ul><li>It\u2019s fully passive and analyses a mirror of all your network traffic \u2013 it can basically monitor everything, but at the same time it\u2019s invisible to cybercriminals; they don\u2019t know that you know about them and their activities.<\/li><li>It doesn\u2019t send any data \u201chome\u201d for analysis (manual analysis by an army of analysts), but analyses everything using machine learning and other advanced methods.<\/li><li>Unlike us, people, it works 24\/7\/365 (plus one extra day in leap years) and it never gets tired.<\/li><\/ul><p>You\u2019ll find practical demos of how GREYCORTEX MENDEL\u00a0helps increase cyber 
security\u00a0<a href=\"https:\/\/www.greycortex.com\/capabilities\">here<\/a>.<\/p><p><strong>Rule number 13<\/strong><br \/>Back up, back up and back up again! Ideally, make backups on removable media and take them physically away from your company\u2019s premises (you\u2019ll ensure continuity of work in case of fire, flood or mobilisation by doing so :), but mainly, you\u2019ll make sure that in case of a ransomware attack the backups won\u2019t be encrypted along with the rest of the same infrastructure. If, for some reason, it\u2019s not possible or convenient to take backups away physically, make sure the servers holding the backup copies aren\u2019t permanently connected to your infrastructure and are thus inaccessible to the attackers during an ongoing attack \u2013 otherwise they\u2019ll encrypt even these backups and there won\u2019t be anywhere to recover the data from.<\/p><p><strong>And finally, the last rule: Even following all the above-mentioned rules may not ensure 100 % protection against an attack on your infrastructure, as present-day cybercriminals are no longer\u00a0<a href=\"https:\/\/martinhaller.cz\/ransomware\/hackeri-maji-novy-trik-naucili-se-s-ransomware-lepe-vydirat\/\">\u201cgreasy teenagers\u201d<\/a>\u00a0who want to prove themselves, but professional groups with huge budgets and possibilities.<\/strong><\/p><p>But if you stick to all of the above, you\u2019ll at least make their attempt to launch an attack immensely difficult, and because they know that the effort must be smaller than the possible profit (for their \u201cbusiness\u201d to make sense), it\u2019s highly probable they\u2019ll attack somebody else instead, someone who\u2019s an easier target for not having followed the rules.<\/p><p><strong>Would you like to know how GREYCORTEX MENDEL can help you improve the level of your cyber security and win the war with cyber criminals?<\/strong><br \/>Look\u00a0<strong><a 
href=\"https:\/\/www.linkedin.com\/posts\/greycortex_mendel-closes-the-security-gap-activity-6663794929329938432-xS-0\/\">here<\/a><\/strong>\u00a0or contact me via\u00a0<strong><a href=\"https:\/\/www.linkedin.com\/in\/petrchaloupka\/\">LinkedIn<\/a><\/strong>\u00a0or email\u00a0<strong><a href=\"mailto:petr.chaloupka@greycortex.com\">petr.chaloupka@greycortex.com<\/a>.<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0994e26 elementor-position-left elementor-vertical-align-top elementor-widget elementor-widget-image-box\" data-id=\"0994e26\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><figure class=\"elementor-image-box-img\"><img decoding=\"async\" width=\"200\" height=\"200\" src=\"https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/peca_v2_1.jpg?fit=200%2C200&amp;ssl=1\" class=\"attachment-full size-full wp-image-2519\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/peca_v2_1.jpg?w=200&amp;ssl=1 200w, https:\/\/i0.wp.com\/greycortex.hk\/wp-content\/uploads\/2020\/06\/peca_v2_1.jpg?resize=150%2C150&amp;ssl=1 150w\" sizes=\"(max-width: 200px) 100vw, 200px\" \/><\/figure><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">Petr Chaloupka<\/h3><p class=\"elementor-image-box-description\">CEO, GREYCORTEX<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>13+1 PRINCIPLES FOR THE SECURITY OF YOUR NETWORK Ransomware&nbsp;\u2013 a term that we were already aware of a few years ago but most of us rather took it as a \u201cnot-our-problem\u201d kind of thing. 
However, cybercriminals didn\u2019t see it the same way and it was just a matter of time before that kind of extortionate [&hellip;]<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","_crdt_document":"","advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[8],"tags":[],"class_list":["post-2514","post","type-post","status-publish","format-standard","hentry","category-news"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/paZ0Rf-Ey","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/posts\/2514","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/comments?post=2514"}],"version-history":[{"count":3,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/posts\/2514\/revisions"}],"predecessor-version":[{"id":2521,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/posts\/2514\/revisions\/2521"}],"wp:attachment":[{"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/media?parent=2514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/categories?post=2514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/tags?post=2514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}