Don’t make it easy for ransomware attackers.
Ransomware is once again in the news. Attackers are reportedly targeting health care providers and are using targeted phishing campaigns disguised as meeting invites or invoices that contain links to Google documents, which then lead to PDFs with links to signed executables that have names with distinctive words like “preview” and “test”.
Once the ransomware enters a system, attackers go after low-hanging fruit left behind on our networks to move laterally and do more damage. Such easy access is preventable. Here’s how you can check for seven common weaknesses and keep ransomware perpetrators from embarrassing you and your team.
1. Passwords stored in browsers
Don’t allow your browser to save your passwords! None of them. Not one. If you do, those passwords are vulnerable. Only use a separate password manager to store passwords such as LastPass, Roboform, Dashlane, or 1Password.
2. Using Remote Desktop Protocol
Do you still use insecure and unprotected Remote Desktop Protocol (RDP)? I still see reports where attackers use brute force and harvested credentials to break into RDP open to the web. It is very easy to set up servers, virtual machines and even Azure servers with remote desktop. Enabling remote desktop without at least minimum protections such as limiting or restricting access to specific static IP addresses, or not setting up two-factor authentication means you are at severe risk of having an attacker take control of your network. (Trinity provides a service that secures your remote desktop access.)
3. Password reuse
How often do you or your users reuse passwords? (Statistics show that a user uses the same password 13 times.) Attackers gain access to harvested passwords in online data dump locations. Knowing that we often reuse passwords, attackers use these credentials in various attack sequences against both websites and accounts as well as against domains and Microsoft 365 access.
The other day someone said, “Attackers don’t break in these days; they log in. ”Ensuring that you’ve enabled multi-factor authentication in your organization is key to thwarting this style of attack.” The use of a password manager program encourages better and more unique passwords. In addition, many password managers will flag when a username and password combination is reused.
4. Unpatched vulnerabilities
Unpatched vulnerabilities are literally everywhere — software, apps, programs, operating systems, even browsers. And, because we live and work in a data-centric world where hyperconnectivity is the norm, an unpatched vulnerability in one single end-point can carry major consequences by opening the door to massive attacks.
The WannaCry ransomware attack which targeted computers running Microsoft Windows OS, is just one painful reminder of how an unpatched vulnerability can spread globally with disastrous results in a very short period of time.
5. Inadequate email protections
Have you done all you can to ensure your email—a key entry point for attackers—is protected from threats? Attackers frequently gain entry to networks via spam emails. All organizations should use an email hygiene service to scan and review messages that enter your network. Have a filtering process in front of your email server. *Whether that filter is Office 365 Advanced Threat Protection (ATP) or a third-party solution, have a service in front of your email that assesses the reputation of the email sender, scans links, and reviews content. Review any email hygiene you have previously set up. If you use Office/Microsoft 365, review the secure score and ATP settings. (Trinity provides a service that harden your email systems against attacks.)
6. Untrained users
Last but certainly not least, make sure you patch your humans! Malicious emails often enter my inbox even with all the appropriate threat protection settings. A slightly paranoid and educated end user can be your final “human” firewall to ensure malicious attacks don’t enter your systems.
Troy Hunt recently wrote about how fonts used in browsers often make it difficult to determine what is a good website and what is a bad website. He pointed out that password managers will automatically validate websites and offer to fill in the password only for those sites that match your database.
*Microsoft Office 365 Advanced Threat Protection (ATP). ATP is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organization from harmful links in real time. ATP has rich reporting and URL trace capabilities that give administrators insight into the kind of attacks happening in your organization.
Give us a call at 732.780.8615 or email us at [email protected] today for more information on our latest security offerings – Microsoft Office 365 Advanced Threat Protection and/or to schedule a Vulnerability Assessment. One of our professional engineers would love to discuss how we can help you to protect your IT environment and valuable data against cyber threats.