During a recent briefing from the FBI’s Oregon Cyber Task Force in Medford, OR, agents detailed best practices and industry standards for cyber attack mitigation. FBI special agents started with information and statistics about the most recent threats, giving specifics of how the attacks were executed. A Security Architect from the State of Oregon then outlined the specifics of how to mitigate these threats properly. Here is a summation:
Current Threat Landscape
Business Email Compromise (CEO Fraud): Cyber criminals pose as business executives at companies that regularly perform wire transfers. After compromising the executive’s email account, the criminal instructs employees to wire funds to a bank account the criminal controls. The FBI’s Internet Crime Complaint Center (IC3) has reported over $3 billion in losses worldwide from this threat.
Ransomware: Ransomware is a form of malware that exploits weaknesses in networks to deny the availability of critical data by encrypting it and demanding a ransom for the keys needed to decrypt it. Ransomware is frequently delivered through spear-phishing emails to end users.
Point of Sale (PoS) Malware: Cyber criminals steal payment card data by remotely infecting PoS systems with malware, without needing physical access to the cards or to the devices used to process them. This lets criminals compromise PoS systems on a large scale, with a much larger victim base.
Insider Threat: An insider is a current or former employee who has access to an organization’s network and intentionally misuses that access to harm the company. IC3 has recorded business losses from insider threats of between $5,000 and $3 million.
Internet Extortion: Victims are threatened by cyber criminals with a Distributed Denial of Service (DDoS) attack that will severely degrade or block access to their e-commerce site unless the victim pays to appease them. These threats can be real or fake, with price tags in the neighborhood of 50 bitcoin, or about $30,000.
Cyber Attack Mitigation
Here is a list of items that need to be addressed to make up a complete mitigation plan:
- Create company policy regarding how wire transfers are handled, requiring verbal or in-person authorization from multiple company executives
- Create company policy restricting details that can be shared about job duties and company hierarchy on social media
- Review National Institute of Standards and Technology (NIST) Cybersecurity Framework and adopt risk management processes
- Create, implement and keep up-to-date an incident response plan
- Create company policy and implement lawful network monitoring
- Have proactive relationships with law enforcement agencies – silence is letting cyber criminals win
Practical Security Best Practices
- Network Segmentation – keep the guest wireless separate from the local network, keep payment processing in its own network and keep web servers in the Demilitarized Zone (DMZ) of the network.
- Use firewall access rules, Active Directory Group Policy and physical security measures to limit insecure access to every segment of your network.
- Restrict usage of administrator level access by creating alternative accounts for these purposes that are not used for local login. Keep these accounts monitored.
- Implement automated patching and managed virus scanning on all systems. Remove any unsupported / non-updateable software or systems from the network.
- Restrict remote access to the network to specific users and use only secure protocols, such as RDP tunnelled through a VPN.
- Conduct periodic testing of all security measures to identify weak or failing procedures and adjust systems accordingly.
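The "keep these accounts monitored" point above is easy to state and easy to forget. The following is an added example, not code from the briefing or from the State of Oregon, of the kind of check a defender can run over logon records to enforce the rule that separate administrator accounts are never used for local (console) login. It assumes two things that are not in the original post: that admin accounts follow a naming convention ending in `-adm`, and that logon records have been exported as simplified text lines modelled on Windows Security event 4624 (successful logon) using the real logon type codes (2 = Interactive console, 3 = Network, 5 = Service, 10 = RemoteInteractive/RDP, 11 = CachedInteractive). The sample log lines are constructed for the example.

```python
"""Flag privileged accounts that are used for local interactive logon, and
summarise all admin-account logons for review.

Added example; assumptions (not from the original post):
- admin accounts are named with an '-adm' suffix;
- records are one-line text exports modelled on Windows event 4624.
"""
import re
from collections import Counter

ADMIN_SUFFIX = "-adm"            # assumed naming convention for admin accounts
LOCAL_INTERACTIVE_TYPES = {2, 11}  # console logon and cached console logon

# Constructed sample records (not real data).
SAMPLE_LOG = """\
2024-03-04T08:01:12 EventID=4624 Account=jsmith Domain=CORP LogonType=2 Workstation=WS-101
2024-03-04T08:03:45 EventID=4624 Account=jsmith-adm Domain=CORP LogonType=3 Workstation=FS-01
2024-03-04T08:10:02 EventID=4624 Account=jsmith-adm Domain=CORP LogonType=2 Workstation=WS-101
2024-03-04T09:15:33 EventID=4624 Account=bjones-adm Domain=CORP LogonType=10 Workstation=DC-01
2024-03-04T09:20:00 EventID=4634 Account=jsmith Domain=CORP LogonType=2 Workstation=WS-101
2024-03-04T10:00:00 EventID=4624 Account=svc-backup Domain=CORP LogonType=5 Workstation=FS-01
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event>\d+) Account=(?P<account>\S+) "
    r"Domain=(?P<domain>\S+) LogonType=(?P<ltype>\d+) Workstation=(?P<host>\S+)$"
)


def parse_line(line):
    """Parse one record; return a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["event"] = int(rec["event"])
    rec["ltype"] = int(rec["ltype"])
    return rec


def is_admin_account(name):
    return name.lower().endswith(ADMIN_SUFFIX)


def successful_logons(log_text):
    """Yield parsed 4624 (successful logon) records only; logoffs are ignored."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["event"] == 4624:
            yield rec


def find_violations(log_text):
    """Admin accounts logging on at a local console (logon type 2 or 11)."""
    return [
        rec for rec in successful_logons(log_text)
        if is_admin_account(rec["account"]) and rec["ltype"] in LOCAL_INTERACTIVE_TYPES
    ]


def admin_logon_summary(log_text):
    """Count successful admin-account logons by (account, logon type)."""
    return Counter(
        (rec["account"], rec["ltype"])
        for rec in successful_logons(log_text)
        if is_admin_account(rec["account"])
    )


if __name__ == "__main__":
    for v in find_violations(SAMPLE_LOG):
        print(f"VIOLATION {v['ts']} {v['account']} console logon (type {v['ltype']}) on {v['host']}")
    for (acct, ltype), n in sorted(admin_logon_summary(SAMPLE_LOG).items()):
        print(f"{acct:<14} logon type {ltype:<3} count {n}")
```

On the sample data the network logon by `jsmith-adm` to the file server and the RDP logon by `bjones-adm` to the domain controller are reported in the summary but are not violations; the console logon by `jsmith-adm` on the workstation WS-101 is. The naming convention and the set of logon types treated as "local" are the two knobs to adjust to the policy actually adopted.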
Advanced Mitigation Processes
- Use multi-factor authentication wherever possible
- Establish a baseline of the applications in use, then implement application whitelisting
- Standardize encryption for data both at-rest and in-transit
- Conduct perimeter filtering via Intrusion Detection System (IDS)
- Regularly back up system logs to a segregated portion of the network to prevent tampering
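Keeping a copy of the logs on a segregated network is only half of the last point; the copy also has to let you prove that the logs you are looking at during an incident are the ones that were written. The following is an added example, not from the briefing, of one way to do that: each exported line is chained to the previous one with SHA-256, and the head hash of the chain is recorded separately in the segregated store. Editing, reordering or deleting a line then breaks either the chain or its match with the recorded head. The segregated store is simulated as an in-memory object, and the log lines are constructed for the example.

```python
"""Hash-chained log export with tamper detection.

Added example; assumptions (not from the original post):
- log lines are plain text, exported in order;
- the segregated log store is simulated by a small in-memory class that
  records the chain head hash out of band from the log data itself.
"""
import hashlib

GENESIS = "0" * 64  # fixed starting value for an empty chain


def entry_hash(prev_hash, line):
    # Bind each line to the hash of everything before it.
    return hashlib.sha256((prev_hash + "\n" + line).encode("utf-8")).hexdigest()


def build_chain(lines, prev_hash=GENESIS):
    """Turn ordered log lines into chain entries; returns (entries, head_hash)."""
    entries = []
    for line in lines:
        h = entry_hash(prev_hash, line)
        entries.append({"prev": prev_hash, "line": line, "hash": h})
        prev_hash = h
    return entries, prev_hash


def verify_chain(entries, expected_head):
    """Return (ok, first_bad_index). Detects edits, reorders and truncation.

    An edited or reordered entry breaks the internal chain; a deleted tail
    leaves the chain internally consistent but the head no longer matches the
    value recorded in the segregated store.
    """
    prev_hash = GENESIS
    for i, e in enumerate(entries):
        if e["prev"] != prev_hash or entry_hash(prev_hash, e["line"]) != e["hash"]:
            return False, i
        prev_hash = e["hash"]
    if prev_hash != expected_head:
        return False, len(entries)
    return True, None


class SegregatedLogStore:
    """Simulated store on the isolated network: holds entries and the head hash."""

    def __init__(self):
        self.entries = []
        self.head = GENESIS

    def receive(self, lines):
        new_entries, self.head = build_chain(lines, self.head)
        self.entries.extend(new_entries)
        return self.head

    def check(self):
        return verify_chain(self.entries, self.head)


# Constructed sample log lines (not real data).
SAMPLE_LINES = [
    "2024-03-04T08:01:12 sshd: Accepted publickey for deploy from 10.0.5.21",
    "2024-03-04T08:04:30 sudo: deploy : COMMAND=/usr/bin/systemctl restart app",
    "2024-03-04T08:09:58 sshd: Failed password for root from 203.0.113.7",
]


def tamper_demo():
    """Show three outcomes: intact, one line edited, last line deleted."""
    store = SegregatedLogStore()
    store.receive(SAMPLE_LINES)
    intact = store.check()

    edited = [dict(e) for e in store.entries]
    edited[2]["line"] = edited[2]["line"].replace("Failed", "Accepted")
    edit_result = verify_chain(edited, store.head)

    truncated = store.entries[:-1]
    trunc_result = verify_chain(truncated, store.head)
    return intact, edit_result, trunc_result


if __name__ == "__main__":
    for label, result in zip(("intact", "edited", "truncated"), tamper_demo()):
        print(f"{label:<10} ok={result[0]} first_bad_index={result[1]}")
```

The chain makes tampering detectable, not impossible: an attacker who controls both the log source and the store can rebuild everything. That is why the head hash belongs on the segregated network and why the store should only ever append, which is the property the segmentation advice in the original list is meant to give you.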
If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.