By Steve Cobb, CISO, One Source
With the transition to remote working comes new vulnerabilities. As organizations have shifted to provide convenience to its workers, many times they overlook the security needed to protect their organization. This creates opportunities for hackers to exploit vulnerabilities and deploy ransomware in new, sophisticated ways.
Ransomware is the COVID-19 of the digital world.
Ransomware attempts are increasing daily as attackers discover that there are a multitude of easy targets and that the ROI for their efforts has become extremely high. The global pandemic is only adding fuel to the fire. The most common way threat actors deliver ransomware to organizations is through spam and phishing attempts. However, threat actors are being more opportunistic in their deployment. Remote Desktop Protocol (RDP) and drive-by-downloads have become top methods of delivering ransomware infections. The increase in ransomware infections and the various, new methods of attacks is cause for organizations to consider different strategies to keep their workers and customers safe.
Below are 5 tips that you can easily execute to protect your organization:
- Turn on Multi-Factor Authentication. Turn this on as soon as possible! There are many free services that are easy to implement. If you have purchased a plan with Google or Microsoft, you have access to MFA software for free. This is especially important as the credentials for Office 365 are the most heavily used to exploit other services. By turning on MFA, you are protecting your organization – spanning from the cloud to your network.
- Do not allow RDP over the public internet. The best thing you can do is not turn on RDP over the public internet AT ALL. We have seen hackers use RDP to access an organizations environment and use it to move about until they located the domain and admin levels where they can deploy ransomware. If you must have RDP on over the public internet, make sure you are logging on with MFA and that there are access rules in place on your firewall so that RDP can ONLY occur from specific IP sources.
- Secure your remote access methods. If VPN is available, make sure your provider allows for MFA or Single Sign-on authentication. Implementing best practices to create strong passwords will also help protect your remote access methods. It is important that you have visibility into the attempts that are happening across your remote access, as these exploits are on the rise by threat actors.
- Security products that are monitored. Enterprise level network, email or host-based security products look at advanced threats and user behavior. These products allow you to see malicious activities that are happening as soon as possible so you can reduce the impacts and save your organization from the threat of ransomware. To do this, you must have the resources, skillset and knowledge in-house to interpret the information you receive from these tools. Doing so will allow you to isolate endpoints and block access out of specific network destinations that may be main control services for threat actors.
- Use a MSSP. A managed security service provider is a partner that will fully manage your security needs. This is a great option if you don’t have the internal skillset, bandwidth or resources to maximize your security. Many attacks are happening during the off hours of the business day and during holidays when most people have their guard down. A MSSP will be monitoring during these off hours so you get notified of an attack earlier and the MSSP can take action on your behalf, minimizing the impact of a breach.
These tips will greatly increase your ability to protect your organization from the ever-increasing ransomware attacks. You can dive deeper into the innovative methods used to deliver ransomware and new tactics attackers are using to gain a foothold and deliver their payloads in our FREE On-Demand webinar, “Ransomware: It’s Not Just Delivered By Email Anymore!” put on by BrightTALK in their virtual event – Security in the Age of Malware.
Complete the following to access On-Demand webinar, “The Advantage Of Deception Technology to Detect A Data Breach”.
Complete the following to access On-Demand webinar, “Ransomware: It’s Not Just Delivered By Email Anymore!”.