Loading ...

Oregon Cyber Task Force – Cyber Attack Mitigation

During a recent briefing from the FBI’s Oregon Cyber Task Force in Medford, OR they detailed best practices and industry standards for cyber attack mitigation. FBI special agents started with information and statistics about the most recent threats giving specifics of how the attacks were executed. Security Architect from the State of Oregon then outlined the specifics of how to mitigate these threats properly. Here is a summation:

Current Threat Landscape

Business Email Compromise (CEO Fraud): Involves cyber criminals posing as business executives at companies that regularly perform wire transfers. After compromising the executive’s email, the criminal requests employees to perform wire transfers to the criminal’s bank account. FBI Internet Crime Complaint Center (IC3) has reported over $3 billion of losses worldwide due to this threat.

Ransomware: Ransomware is a form of malware that targets weaknesses in networks to deny the availability of critical data by encrypting it and demanding a ransom for the encryption keys to decrypt the data. Ransomware is frequently delivered through spear phishing emails to end users.

Point of Sale (PoS) Malware: Cyber criminal steals payment card data by remotely infecting PoS systems with malware without the need to physically access the cards or the devices used to process them. This allows criminals to compromise PoS systems on a large scale with larger victim base.

Insider Threat: An insider is a current or former employee who has access to an organization’s network and intentionally misuses that access to negatively affect the company. IC3 has recorded business losses from insider threat to be between $5,000 to $3 million.

Internet Extortion: Victims are threatened by cyber criminal with Distributed Denial of Service (DDoS) attack that will make access to their e-commerce site severely degraded or impossible if they victim does not pay to appease them. These can be real or fake with price tags in the neighborhood of 50 bitcoin or about $30,000.

Cyber Attack Mitigation

Here is a list of items that will need to be addressed to comprise a complete mitigation plan:

  • Create company policy in regards to how wire transfers are handled that require verbal or in-person authorization from multiple company executives
  • Create company policy restricting details that can be shared  about job duties and company hierarchy on social media
  • Review National Institute of Standards and Technology (NIST) Cybersecurity Framework and  adopt risk management processes
  • Create, implement and keep up-to-date an incident response plan
  • Create company policy and implement lawful network monitoring
  • Have proactive relationships with law enforcement agencies – silence is letting cyber criminals win

Practical Security Best Practices

  • Network Segmentation – keep the guest wireless separate from the local network, keep payment processing in its own network and keep web servers in the Demilitarized Zone (DMZ) of the network.
  • Use firewall access rules, Active Directory Group Policy and physical security measures to limit unsecure access to every segment of your network.
  • Restrict usage of administrator level access by creating alternative accounts for these purposes that are not used for local login. Keep these accounts monitored.
  • Implement automated patching and managed virus scanning on all systems. Remove any unsupported / non-updateable software or sytems on the network.
  • Restrict remote access to the network to specific users and use only secure protocols like RDP through VPN
  • Conduct periodic testing of all security measures to identify weakness or failing procedures and adjust systems accordingly

Advanced Mitigation Processes

  • Use multi-factor authentication wherever possible
  • Establish baseline of applications used then implement application whitelisting
  • Standardize encryption for data both at-rest and in-transit
  • Conduct perimeter filtering via Intrusion Detection System (IDS)
  • Regularly backup system logs in a segregated portion of the network to prevent tampering

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Posted in : Active Directory, Compliance, Disaster Preparedness, Encrypted Email, Encryption, Event Logs, Group Policy, Network Security, Networking, Servers, Threat Detection, Updates, Virus Infection, VPN

Leave a Reply

Your email address will not be published. Required fields are marked *

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]