10 Ways you can fight against Russia’s cyberattacks
I had the pleasure of attending the Tech Execs Summit in Forsyth. They brought in several speakers who had a lot of insight into how and why Russia’s cyberwar is impacting local businesses.
We are no longer threatened by the one-man show who just got lucky, was able to hack into your system, and got $500 in ransom out of you. These hacking organizations are run as businesses in Russia: they have office space, they have employees, they have payroll, etc. It’s a criminal enterprise that is run like an enterprise business, raking in millions of dollars to fund itself.
Have you heard of Software as a Service (SaaS)? Products like Office 365 fall into that category. Well, these cybercriminal enterprises offer Malware as a Service (MaaS). What this means is that just about anyone with basic computer skills can now use all the pro hacker tools by paying a subscription to use the tool for a period of time. With growing sanctions and the devaluation of the Ruble, prices for MaaS and leaked credentials have greatly decreased, which is attracting more “customers.” Millions of credentials get leaked on the dark web almost on a daily basis.
Ken Foster had a lot of great information to provide during this summit, much of which echoed my previous articles on how to strengthen your cybersecurity resilience. Here are the 10 primary takeaways that every business owner in the Metro Atlanta area should take note of to position their company to be better prepared:
1. Have a healthy Cybersecurity Hygiene
Let’s start with the basics. What I mean by this is that you should have a layered defense and not rely on just one security measure. As we have seen, ransomware and malware can get in through your email, so make sure you are using an email filtering system and are training your employees on how to spot phishing emails.
Make sure your software is up to date
This one is pretty simple, make sure you are running the latest software and that your patches are up to date. Microsoft, for example, releases patches every month for their products.
Use 2 Factor Authentication (2FA)
2 factor authentication is a process that requires two forms of identification to log in. This can be something as simple as a code that is texted to your phone, a physical token that you have to plug into your computer, or an MFA app on your phone.
Use a password manager
A password manager is software that helps you create and store strong passwords. This is important because, regardless of how complex your password is, if you are using the same password for multiple accounts, once one of those accounts is compromised your other accounts are as well.
Rotate your passwords regularly
This one goes hand in hand with using a password manager. Make sure your employees are forced to change their passwords every 30 days to help protect against these credential leaks.
2. Separation of Duties
Entrepreneurs know this better than anyone else; most have to wear 100 different hats when running a business. However, as the business grows, it’s crucial to separate responsibilities and duties as they pertain to cybersecurity. Here is what I mean by this. You don’t want to give your accountant access to the developers’ source code, for example. Although you trust him and know that he won’t do anything malicious, what you can’t trust is that someone who obtains his account credentials won’t do the same.
Separating duties means that a production manager does not have access to accounting data, and an accountant does not have access to production data. This segmentation greatly reduces the chance of a large data breach.
3. Vendor Targeting
It’s quite common for hackers to target the vendors of a large enterprise instead of directly targeting the enterprise itself, which spends millions on security. This is how it works: let’s assume a vendor has a banner or website listing all of their clients (a practice done to lend them credibility; after all, if they are good enough to work with Target, Walmart, etc., then they are probably good enough to work with your business as well). Instead of going after Target or Walmart, the attackers will target the vendor company. These businesses are typically smaller and don’t invest the same money in cybersecurity that larger enterprises do.
Through the hacked vendor accounts they can get access to the largest firm and subsequently infiltrate its network, as was the case with Target, which was hacked through its climate control system vendor.
4. Seamless Data Breaches
Let’s assume you have a 500GB client database and that a breach occurs in which the entire database is uploaded. It would take several days of exhausting your bandwidth to offload that much data. Oftentimes this should set off alarms with your Managed Services Provider (MSP) or your IT staff that something is wrong, and they would stop the breach.
The hackers have gotten more clever: instead of trying to offload the entire database, they mask these malicious activities as normal business processes to remain undetected. What this means is that instead of uploading an entire 500GB database in one swoop, they take months to slowly offload data in pieces until gigabytes or terabytes of data are gone before anyone ever notices anything. Your MSP or your IT service provider should have solutions in place to catch these things early on. However, this brings me to the next point!
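To make the “low and slow” point concrete, here is an added example (my own illustration, not something presented at the summit or code from any vendor) of why a per-day byte threshold misses this pattern and what a sustained-transfer check looks like. The flow records, host names, TEST-NET IP addresses and the allow-listed backup destination are all constructed for the example; the thresholds (1 GB per day, 500 MB over at least 14 distinct days) are assumptions a practitioner would tune to their own traffic.

```python
"""Flag sustained low-volume outbound transfers that a per-day byte threshold never trips on."""
from collections import defaultdict

MB = 1024 * 1024
GB = 1024 * MB

# Assumed: destinations the business legitimately pushes large volumes to (e.g. an offsite backup provider).
ALLOWED_DESTINATIONS = {"198.51.100.10"}


def build_sample_flows():
    """Constructed outbound flow summaries (not real logs), one per line: date src_host dst_ip bytes_out."""
    lines = []
    for day in range(1, 31):
        date = f"2022-04-{day:02d}"
        lines.append(f"{date} fileserver 198.51.100.10 {120 * MB}")  # nightly offsite backup (expected, loud)
        lines.append(f"{date} db-server 203.0.113.7 {40 * MB}")      # 40 MB every day to an unknown address
        lines.append(f"{date} workstation-12 192.0.2.44 {3 * MB}")   # ordinary browsing
    lines.append(f"2022-04-15 workstation-12 203.0.113.9 {5 * GB}")  # one loud, one-off upload
    return lines


def parse_flow(line):
    date, src, dst, nbytes = line.split()
    return date, src, dst, int(nbytes)


def per_day_alarms(lines, per_day_limit=1 * GB):
    """Naive check: any (src, dst) pair that moves more than per_day_limit within a single day."""
    daily = defaultdict(int)
    for date, src, dst, nbytes in map(parse_flow, lines):
        daily[(date, src, dst)] += nbytes
    return {(src, dst) for (date, src, dst), total in daily.items() if total > per_day_limit}


def low_and_slow_alarms(lines, min_days=14, total_limit=500 * MB, allowed=ALLOWED_DESTINATIONS):
    """Sustained check: a pair to a non-allow-listed destination that sends data on at least
    min_days distinct days and whose cumulative volume over the window exceeds total_limit,
    regardless of how small each individual day looks."""
    days = defaultdict(set)
    totals = defaultdict(int)
    for date, src, dst, nbytes in map(parse_flow, lines):
        if dst in allowed:
            continue
        days[(src, dst)].add(date)
        totals[(src, dst)] += nbytes
    return {
        pair: {"days": len(days[pair]), "total_bytes": totals[pair]}
        for pair in totals
        if len(days[pair]) >= min_days and totals[pair] >= total_limit
    }


if __name__ == "__main__":
    flows = build_sample_flows()
    print("per-day threshold flags:", per_day_alarms(flows))   # only the 5 GB one-off
    print("low-and-slow flags:", low_and_slow_alarms(flows))   # the 40 MB/day drip from db-server
```

The per-day check catches the single 5 GB upload and nothing else; the 40 MB per day leaving the database host adds up to 1.2 GB over the month and is only visible when volume is accumulated per destination across days. The allow list matters: without it the nightly backup would dominate every report, which is exactly the “looks like a normal business process” cover the article describes.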
5. Encryption is useless in data breaches
Encrypting your hard drive with BitLocker prevents physical theft of the data. If someone runs off with your laptop, congratulations, your data is safe!
However, if the hard drive is already unlocked, the data can be accessed even though full-disk encryption is in use. To safeguard your data in the event of leaked credentials, make sure your database has its own strong password and that it is not the same password used for the user’s login profile.
6. Easy Targets are the most helpful
Who are the easiest targets that you can think of in your company? It’s typically the most helpful people in the company, aka the receptionist. They are often the victims of targeted phishing attacks, since their job is to be helpful. Cybersecurity training should start with the receptionist!
7. The Never expiring service accounts
The notorious service accounts that are rarely examined and have passwords set to never expire. A scanning profile, for example, or a printer profile with admin-level access that was created hastily at installation because it was the simplest option for the tech. These accounts pose a huge security risk. Often they are set up by vendors that configure all of their machines with the same password, so if that vendor gets breached and account data leaks, attackers can easily infiltrate your network. Make sure that a competent provider performs these installations and that the passwords are rotated regularly. Managed IT Services in the Metro Atlanta area can generally help with this: during onboarding, a good MSP will review these accounts and make suggestions to update or change them.
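As an added example of the review an MSP would do during onboarding (my own illustration, not code from the summit or from any MSP), the script below audits an account export for enabled accounts whose password never expires, and ranks the ones that are either stale or privileged. The CSV is constructed for the example; its column names are an assumption modeled on common directory attributes, and the 90-day staleness cutoff and the privileged-group list are assumptions as well.

```python
"""Audit an account export for never-expiring passwords that are stale or privileged."""
import csv
import io
from datetime import date

# Constructed export, not from a real directory. Column names are assumed; MemberOf is
# semicolon-separated. Dates are ISO format (YYYY-MM-DD).
SAMPLE_EXPORT = """\
SamAccountName,Enabled,PasswordNeverExpires,PasswordLastSet,MemberOf
svc_scanner,True,True,2016-03-02,Domain Admins
svc_printer,True,True,2019-11-20,Print Operators
svc_backup,True,True,2022-02-15,Backup Operators
jsmith,True,False,2022-03-28,Domain Users
old_vendor,False,True,2015-06-01,Domain Admins
"""

# Assumed set of groups that grant admin-level access.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}


def load_accounts(export_text):
    """Parse the export into a list of dicts, one per account."""
    return list(csv.DictReader(io.StringIO(export_text)))


def audit_service_accounts(accounts, today, max_age_days=90):
    """Return findings for enabled accounts with a never-expiring password that is either
    older than max_age_days or belongs to a privileged group. Privileged ones rank first."""
    findings = []
    for acct in accounts:
        if acct["Enabled"] != "True" or acct["PasswordNeverExpires"] != "True":
            continue  # disabled accounts and normal expiring passwords are out of scope here
        age_days = (today - date.fromisoformat(acct["PasswordLastSet"])).days
        groups = {g.strip() for g in acct["MemberOf"].split(";") if g.strip()}
        privileged = bool(groups & PRIVILEGED_GROUPS)
        if age_days > max_age_days or privileged:
            findings.append({
                "account": acct["SamAccountName"],
                "age_days": age_days,
                "privileged": privileged,
                "severity": "high" if privileged else "medium",
            })
    # Highest risk first: privileged accounts, then the oldest passwords.
    return sorted(findings, key=lambda f: (not f["privileged"], -f["age_days"]))


if __name__ == "__main__":
    for finding in audit_service_accounts(load_accounts(SAMPLE_EXPORT), today=date(2022, 4, 1)):
        print(f'{finding["severity"]:6} {finding["account"]:12} password age {finding["age_days"]} days')
```

Run against the sample with a “today” of 2022-04-01, the scanner account (a six-year-old password in Domain Admins) comes out as high severity and the printer account as medium, while the backup account, whose password was changed recently and is not in an admin group, is not reported. The check does not see whether a vendor reused one password across customers; that is why the article’s advice to rotate these accounts after installation still applies even to accounts that pass this audit.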
8. The 72 hours before your money is gone!
Oh no! You fell victim to a phishing scheme and wired thousands of dollars to the Prince of Persia. Well, the good news is that wiring money internationally goes into an escrow account, and you have 72 hours to reverse the transaction, so if you catch this quick enough, the money can be recovered.
9. Test your backups
Pretty self-explanatory: if you are performing backups but have never tested them, how do you know they will work when you need them?
Verify that your MSP or IT department does regular checks on your backups. You’ll sleep more soundly at night, and you’ll be ready in case of a breach.
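What “testing a backup” means in practice is restoring it somewhere harmless and checking that what comes back matches what went in. The following is an added example of that check (my own illustration, not code from the summit or from any MSP): it records a SHA-256 manifest when the archive is created, restores the archive into a scratch directory, and reports every missing, altered or unexpected file. The sample client files are constructed inside the script; the gzip tarball format is an arbitrary choice for the example.

```python
"""Prove a backup is restorable: restore it to a scratch directory and compare file hashes
against a manifest recorded when the backup was taken."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each regular file under root (as a POSIX relative path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p) for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source_dir, archive_path):
    """Archive source_dir into a gzip tarball; return the manifest taken at backup time."""
    manifest = build_manifest(source_dir)
    with tarfile.open(str(archive_path), "w:gz") as tar:
        tar.add(str(source_dir), arcname=".")
    return manifest


def verify_backup(archive_path, manifest):
    """Restore the archive into a fresh scratch directory and return a list of problems
    (missing, altered or unexpected files). An empty list means the restore matches."""
    # Newer Python versions offer an extraction filter that refuses path traversal and
    # other unsafe members; use it when available so a tampered archive cannot write outside scratch.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive_path), "r:gz") as tar:
            tar.extractall(scratch, **extract_kwargs)
        restored = build_manifest(scratch)
    problems = []
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content mismatch: {rel}")
    for rel in restored.keys() - manifest.keys():
        problems.append(f"unexpected file in restore: {rel}")
    return problems


def demo():
    """Constructed scenario: a good backup, then a later backup taken after the source was damaged."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "clients"
        (src / "records").mkdir(parents=True)
        (src / "records" / "accounts.csv").write_text("id,name\n1,Example Co\n")  # constructed data
        (src / "notes.txt").write_text("constructed sample data\n")
        manifest = create_backup(src, Path(work) / "clients-backup.tar.gz")
        good = verify_backup(Path(work) / "clients-backup.tar.gz", manifest)
        # Simulate the failure mode that testing is meant to catch: the source was corrupted
        # and a file deleted before the next backup job ran, so that archive no longer matches.
        (src / "records" / "accounts.csv").write_text("id,name\n")
        (src / "notes.txt").unlink()
        create_backup(src, Path(work) / "clients-later.tar.gz")
        bad = verify_backup(Path(work) / "clients-later.tar.gz", manifest)
        return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("first backup problems:", good)   # expected: none
    print("later backup problems:", bad)    # expected: one missing file, one mismatch
```

The important design choice is that verification never trusts the archive listing; it performs a real restore and hashes the result, which is the only way to learn that a job silently captured truncated or corrupted data. A scheduled version of this, run by the MSP with a copy of the manifest kept outside the backup itself, is the check the article asks for.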
10. Sever ties with any Russian developers or companies
Even if you have a good relationship with your Russian developers or have used the services of such firms for some time, you should cut ties with them as soon as possible. Russian doctrine places service to the state above all else, which means the government has the power to seize those firms’ assets, obtain access to your systems, and use that access in a harmful way.
It was a great event put on by the Forsyth County Chamber hosted in Alpharetta and we were glad to be a part of it.
If your Metro Atlanta (Alpharetta, Marietta, Roswell, Cumming area) business needs help with Cyber Security or Managed IT Services, please reach out to AlphaCIS. They can assess your systems and ensure your business is resilient to cyberthreats. You can reach them by scheduling an appointment here or calling 678-619-1218.
Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted for clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity.