Tuesday, Dec 7, 2021
BY: Josh Smith - Cybersecurity Analyst
The pandemic has brought new challenges to the world of security threats. At the same time, defending against these threats shows that the basics of cybersecurity are still valid, and we need to double down on these methods. This is especially the case as Windows 11 is beginning its rollout, with new sets of security problems certainly ahead.
Malware vs. Microsoft Exchange
During 2021, we observed a series of vulnerabilities specifically targeting Microsoft Exchange servers. Both were discovered in August. The first is called ProxyShell. It attacks servers through compromised authentication credentials and the mail programming interface. The second is called ProxyLogon, where an attacker can bypass administrator credentials. It appeared in March, although it wasn’t found until August. Both target various on-premises versions of Exchange servers going back to the 2013 versions.
Ransomware attacks accelerating
In addition to these attacks, we continue to see that ransomware is still a threat to businesses. These attacks continue to accelerate and are getting more dangerous. Hackers have taken things a step further by compromising software supply chains (as a notable example, see the SolarWinds attack). The initial ransom campaign is now being combined with follow-up threats to post the stolen data from the target, and more ransom campaigns are collecting the data before the malware makes the PC unusable.
The plague of reused passwords
Spear phishing also continues, playing off the problem of reused passwords, which still plagues many of us, as hackers take advantage of widely publicized credential leaks. The best defense here is to not use your corporate email account to authenticate on private services like grocery delivery or online shopping.
Tips to protect yourself from these attacks
To effectively combat ransomware and other attacks, you should take these simple steps:
- First, ensure that your backups are intact and that you can recover your files. Most organizations only find out that their backups have been compromised after a ransom attack. You should have automated recovery procedures to continually test and verify your files. Part of the challenge is that many businesses have significant online footprints, which means recovery periods of several days are no longer adequate.
- Network segmentation limits your exposure too. Keep your backups on separate networks, and craft your network segments so that contractors and other third parties can be kept isolated.
- User and phishing awareness training is essential. This is a great teaching method and can help improve your security profile. Make the training inclusive, easily digestible by non-technical users, and collaborative across departments so that it can be corporate-wide. All it takes is one successful phishing email to reach its target and your entire network could become compromised.
- You need to maintain updates and apply patches in a timely manner. Many attacks focus on systems that are running older OS versions, such as Windows 7 (or even XP), and those that haven’t applied the latest patches. An important part of patching is being able to do accurate inventories of your software and systems and figure out what’s outdated and what systems aren’t part of your inventory. Even though the Microsoft Exchange vulnerabilities have been known for many months, there are still thousands of unpatched servers that could become the next victims. Hackers are looking for low-hanging fruit, and hardening those things will help you stay above the fray.
- Finally, if you haven’t yet deployed multi-factor authentication, now is the time to do so. These tools make it harder for accounts to become compromised. We continue to have briefings to discuss the issues around deploying MFA. And while there are infrastructure challenges for network managers and usability issues for end users, this is still one of the best defenses that you can take and one of the most cost-effective ways to secure your network.