Is it time to stop being victims?
This week marked a number of ransomware attacks and continued growth of new means and methods of extortion practiced by ransomware gangs.
The question that springs to mind is, of course – what can be done? We thought we’d devote this issue of TWIR to what you can do to fight back.
A recent Telus study outlined many of the things that businesses can do to make themselves less likely to face attacks and to minimize the “blast radius” or damage done when they face a ransomware attack.
The report suggests that you take some key steps: Formalize your vulnerability management program – know where your weaknesses and gaps are and develop a program to prioritize fixes. Develop an incident response plan for when (not if) you have a breach or attack. Other items on the list include email filtering, endpoint protection, multi-factor authentication, monitoring, and subscribing to a threat monitoring system.
The study from Telus can be downloaded from www.telus.com/RansomwareStudy. (Registration required)
But what is being done? Last week had some good news, as law enforcement went after some of the perpetrators of cybercrime.
The FBI strikes back at ransomware gangs
The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches.
WeLeakInfo.to was the perpetrator that listed stolen data from over 10,000 data breaches. The contents contained a great deal of personally identifiable information (PII); the approximately 7 billion records featured names, email addresses, usernames, phone numbers, and passwords for online accounts.
The two additional domains, ipstress.in and ovh-booter.com, provided services where clients could request that a website or web platform of their choice to be taken down in large-scale Distributed Denial of Service (DDoS) attacks.
“These seizures are prime examples of the ongoing actions the FBI and our international partners are undertaking to disrupt malicious cyber activity,” FBI Special Agent in Charge Wayne A. Jacobs said. “Disrupting malicious DDoS operations and dismantling websites that facilitate the theft and sale of stolen personal information is a priority for the FBI.”
Sourced from an article in Bleeping Computer
But how well are we doing – here’s the bad news.
Cybersecurity firm CyberCatch announced its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022.
The report noted “an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. One of the stats that stuck was this: 82 per cent of U.S. and 78 per cent of Canadian SMBs have spoofing vulnerabilities that attackers can easily exploit.
We can’t blame SMBs. At a time when they are struggling to keep their heads above water, they have found themselves as the prime targets of a very sophisticated and well resourced opponent.
So rather than blame and shame, here’s three things SMBs, or companies of any size, can do that will have a big positive impact and make it harder for cyber crooks.
- Know your data and its value – conduct an inventory of your data and understand what is critical and essential. Look at it from the point of view of the customer, and what it would be like if that data was exposed.
- Do the basics. The Telus report lists these key elements, but one thing is critical. Ensure you always have up to date, restorable backups. These must be disconnected from the internet and write protected. Test them, and test the time it takes to restore.
- Train your employees and keep your management team up to date on what is happening. Podcasts like ITWC’s Cyber Security Today do an excellent job at keeping you up to date. We have an excellent set of free tools and videos to help the discussion in your organization. There are highly produced, exceptionally engaging videos to get your employees thinking about security. There are templates to enhance the discussion. If there is anything missing, please let us know and we’ll develop and include it.
