How to Combat the Biggest Cyber Threats of the Last Year in 2017


In our article last month, we covered two of the top cyber threats of 2016 – Ransomware and Business Email Compromise, or BEC. With the amount of money involved in these types of attacks, these cybercrimes will most certainly continue to plague organizations throughout the coming year. Although Ransomware can be initiated through drive-by Internet sites, email is still the predominant delivery system for both of these cyber menaces. Whether it is to capture user credentials or to deliver malware through an embedded link, cyber criminals target your email system each and every day. It is the gateway into your network that involves the highest degree of human receptiveness, which means it is a key point of vulnerability.

Protecting What May be Your Weakest Link
The first line of defense against these threats is an effective email security system. Today's leading email security solutions, such as the Barracuda Email Security Gateway, offer far more than mere spam filtering: they provide coverage against a multitude of threats including inbound malware, spam, phishing, and Denial of Service attacks. This and other solutions offer additional features as well, such as email encryption to protect the integrity of email messages, and spooling, should your email server ever go down for any length of time. With the proliferation of mobile computing today, companies such as Barracuda now offer their email security solutions in the form of SaaS delivery as well. In doing so, threats are eliminated before they even touch the network. In addition, IT leaders are recognizing that their company's email is one of the weakest links in their security coverage. Because of this, many organizations are supplementing the default email protection provided by services such as Office 365 with an added layer of protection. Solutions such as the Barracuda Email Security Service are designed to complement cloud-based email services and foster a greater defensive shield.

Protecting from BEC Threats
Although email security solutions like those offered by Barracuda are extremely effective at combating most threats today, the unfortunate fact is that no solution is totally foolproof against all attacks. A case in point is BEC threats, which involve taking advantage of internal email procedures, as was discussed last month.

These types of attacks can be easily thwarted by a multi-communication policy concerning large wire transfers. More and more IT departments, for instance, are requiring multi-factor authentication for company email and remote access, such as a username/password complemented by a text message PIN, security question, security token or fingerprint. In the case of large wire transfers, the CEO should have to confirm the wire request with a phone call from a specific phone number. As an added measure, the CEO would have to verbally state a rotating password. This is the same concept that the military uses to confirm striking orders on a submarine or missile base, for instance. These measures may not be convenient, but they can save a company from embarrassing devastation. Similarly, any changes made to a vendor's profile or payment location should be verified by a secondary sign-off by multiple company personnel.

A common ploy with these types of attacks involves Typo Squatting or URL Hijacking. One way to prevent this is through a regular training program for all employee positions in the financial department. Employees could be trained to examine and confirm the "From" name and address as the real name and address of the CEO or whichever account is requesting the transfer. In addition, the "Reply-to" name should be confirmed as well. Staff members could also be trained to forward the request in order to respond to it rather than simply replying to it. This way, the employee would have to manually insert the CEO's address from the contact list within the email application.
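The manual "From" and "Reply-to" checks described above can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article; the company domain, the contact list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the organization's own mail domain
KNOWN_SENDERS = {"pat lee": "pat.lee@example.com"}  # hypothetical contact list

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike (typosquatted) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_headers(raw, known=KNOWN_SENDERS):
    """Return the list of header findings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # The display name claims a known person but the address is not theirs.
    expected = known.get(name.strip().lower())
    if expected and addr != expected:
        findings.append("display-name-mismatch")
    # The sender domain is a near miss of the company domain.
    if domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    # Replies would go to a different domain than the visible sender.
    if reply_to and reply_to.rpartition("@")[2] != domain:
        findings.append("reply-to-diverges")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ("From: Pat Lee <pat.lee@examp1e.com>\n"
           "Reply-To: pat.lee@mail-relay.test\n"
           "Subject: Urgent wire transfer\n\nPlease process today.\n")
GENUINE = ("From: Pat Lee <pat.lee@example.com>\n"
           "Subject: Budget review\n\nSee you at noon.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_headers(raw))
```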

Layered Protection Against Ransomware
An international study showed that 40% of all enterprises experienced a ransomware attack in 2016.  Of these victims, more than a third endured a financial loss and 20 percent had to stop business completely.  As we discussed in our blog of July 2016, the one thing you can do to protect your organization from any sustained damage from ransomware is an effective backup solution.

A simple security measure you can implement to prevent ransomware from establishing a foothold in your network in the first place is to create a software restriction policy (SRP) through Windows Group Policy. By configuring a rule set for all executables within the two folders shown below (AppData and Temp), as well as any subfolders contained within them, you prevent these malware strains from taking root, thus eradicating their ability to encrypt your data. If your computer isn't domain joined, you can still implement an SRP on any professional version of Windows 10, 8 and 7 through Local Security Policy. You can specify files for SRP in a number of ways, such as by their hash identity, but in this case configuring a path rule is the most effective. Once you create the policy, make a rule using "New Path Rule" for the folders as shown below.

Path                  Security Level
%AppData%\*.exe       Disallowed
%AppData%\*\*.exe     Disallowed
%TEMP%\*.exe          Disallowed
%TEMP%\*\*.exe        Disallowed
%TMP%\*.exe           Disallowed
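To confirm that these rules actually landed on an endpoint, the following added example (not part of the original article) parses the text of a `reg export` of the SRP policy key and reports which Disallowed path rules are missing. The registry layout noted in the comments and the sample export are assumptions constructed for illustration.

```python
import re

# Path rules from the article, all Disallowed (TEMP subfolder rule in AppData's form).
EXPECTED = [r"%AppData%\*.exe", r"%AppData%\*\*.exe", r"%TEMP%\*.exe",
            r"%TEMP%\*\*.exe", r"%TMP%\*.exe"]

# Assumption: rules sit under ...\CodeIdentifiers\<level>\Paths\{GUID}; level 0 = Disallowed.
ROOT = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
RULE_KEY = re.compile(r"\\Safer\\CodeIdentifiers\\0\\Paths\\\{[^}]+\}\]$")

def decode_value(v):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    if v.startswith("hex(2):"):
        raw = bytes(int(x, 16) for x in v[7:].split(",") if x.strip())
        return raw.decode("utf-16-le").rstrip("\0")
    return v.strip('"').replace("\\\\", "\\")

def disallowed_paths(reg_text):
    """Return the ItemData of every Disallowed path rule in the export text."""
    found, in_rule = [], False
    # A trailing backslash continues a hex value on the next line.
    for line in reg_text.replace("\\\n", "").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_rule = bool(RULE_KEY.search(line))
        elif in_rule and line.startswith('"ItemData"='):
            found.append(decode_value(line.split("=", 1)[1]))
    return found

def missing_rules(reg_text):
    """Return the expected rules that have no Disallowed entry (case-insensitive)."""
    have = {p.lower() for p in disallowed_paths(reg_text)}
    return [r for r in EXPECTED if r.lower() not in have]

def hex2(s):  # builds REG_EXPAND_SZ text for the constructed sample below
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

# Constructed sample export: three Disallowed rules plus one Unrestricted rule.
SAMPLE = "\n".join([
    ROOT + r"\0\Paths\{11111111-1111-1111-1111-111111111111}]",
    '"ItemData"=' + hex2(r"%AppData%\*.exe"),
    ROOT + r"\0\Paths\{22222222-2222-2222-2222-222222222222}]",
    r'"ItemData"="%TEMP%\\*.exe"',
    ROOT + r"\0\Paths\{33333333-3333-3333-3333-333333333333}]",
    r'"ItemData"="%TMP%\\*.exe"',
    ROOT + r"\262144\Paths\{44444444-4444-4444-4444-444444444444}]",
    r'"ItemData"="%AppData%\\*\\*.exe"',
])

if __name__ == "__main__":
    print(missing_rules(SAMPLE))
```

A rule that exists only at the Unrestricted level does not count as coverage, which is why the sample still reports the AppData subfolder rule as missing.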

 

Today's threats are highly sophisticated, making detection difficult. What's more, thanks to financial incentives and malware distribution channels, 2017 is sure to be another year of combatting smart cyber threats such as these.
