18 November 2019

SECURITY GYAN Bytes : November 2019 : 18th November 2019

Ransomware - Part 1
Windows 7 will reach end of life by January 2020, and that is what cybercriminals
are waiting for: with no patches and no support, they can launch attacks
against unprotected Windows 7 machines. Guess what their favorite tool will
be? Yes, you are right: ransomware. Encryption is a double-edged sword;
its legitimate use is required to safeguard information from falling into
the wrong hands, but hackers have turned the same technology into their cash
cow. They use traditional methods to get an initial infection on their victim
and then encrypt documents on the client PC so that they are inaccessible.
Once they have control over the documents, they demand a ransom to give you
access back to your files.

Let’s see how we can handle the ransomware epidemic:
Backup, Backup, and Backup – I can’t stress enough that backup is of
utmost importance for any organization. At the enterprise level there is
usually a good backup policy; I’d recommend reassessing what is currently being
backed up. Check with the business on what they think should be backed up, and
you’ll be surprised to find that what the business considers most important is
not even on the backup list. This is a good exercise to ensure that what IT
backs up is in sync with business needs.
Have a second, offsite copy of your backup; it will come in handy in case your
primary backup also gets infected (mapped drives, careless admins, etc.).
Periodic restores help you trust your backups. Many times we do take backups,
but when we need to restore them, they fail; so set up a restore test policy
that runs monthly, quarterly or bi-annually, whatever works for your
organization.
You may also look at cloud-based backup; Azure, AWS or even your local cloud
provider offer options for in-cloud backup.
If you keep backups on mapped drives, ensure that you disconnect the drive
after the backup, because ransomware will encrypt all mapped drives too and
you’ll end up losing your backup as well. Likewise, don’t keep the backup copy
on the server that is being backed up; I have seen many make the mistake of
backing up their web server and leaving the master copy on the server itself.

Patch your OS and Apps, and have an inventory of your assets –
Ransomware, like any other piece of malware, has to exploit some
vulnerability in order to get an initial foothold; this may be a careless user
running a macro-enabled document, an exploit in Java or Adobe software, or the
use of legitimate utilities like PowerShell. Define a consistent baseline for
your operating systems and ensure they are up to date with the latest patch
level. Having a single OS across the enterprise helps with baselining and patch
management; if you are on a Windows 10 migration journey, this is your chance
to correct things. Remember, Windows 7 is going to be out of support in
January 2020.
Know your apps: know what versions are installed and whether you really need
them. Scan now and you’ll find hundreds of different versions of Java installed
across your organization – do you really need it? Get rid of Java if you can;
you’ll improve your security posture greatly. Patch all your Microsoft
applications as well as third-party apps.
If you don’t have control over your software and hardware inventory, it will be
very difficult to achieve a decent level of security, and ransomware will always
be a threat to your organization.
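The inventory check described above, written out as an added example (not the author’s code): it reads a software inventory export, reports products installed in more than one version, lists hosts below a baseline version, and flags products that have no baseline at all. The CSV columns, host names, product names and version numbers are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory export (host, product, version); real data would come
# from your asset-management or endpoint tool.
INVENTORY_CSV = """host,product,version
pc-001,Java Runtime,8.0.2310
pc-002,Java Runtime,8.0.1010
pc-002,Remote Tool,3.1
pc-003,Java Runtime,7.0.800
pc-003,PDF Reader,19.21.20056
pc-004,PDF Reader,19.21.20056
pc-004,Java Runtime,8.0.2310
"""

# Assumed baseline: minimum acceptable version per product (hypothetical values).
BASELINE = {"Java Runtime": "8.0.2310", "PDF Reader": "19.21.20056"}


def vkey(version: str) -> tuple[int, ...]:
    """Turn '8.0.1010' into (8, 0, 1010) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def audit(csv_text: str, baseline: dict[str, str]) -> dict:
    """Report version sprawl, hosts below baseline, and unbaselined products."""
    versions = defaultdict(lambda: defaultdict(set))  # product -> version -> hosts
    for row in csv.DictReader(io.StringIO(csv_text)):
        versions[row["product"]][row["version"]].add(row["host"])
    sprawl, below, unknown = {}, [], []
    for product, by_version in versions.items():
        if len(by_version) > 1:
            sprawl[product] = sorted(by_version, key=vkey)
        if product not in baseline:
            unknown.append(product)  # nobody has decided whether it is needed
            continue
        for version, hosts in by_version.items():
            if vkey(version) < vkey(baseline[product]):
                below += [(h, product, version) for h in hosts]
    return {"sprawl": sprawl, "below_baseline": sorted(below),
            "no_baseline": sorted(unknown)}


if __name__ == "__main__":
    print(audit(INVENTORY_CSV, BASELINE))
```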

Awareness, yes! It pays off – Conduct formal security awareness sessions
for your employees; classroom style if possible, and if not, there are various
options such as webinars and recorded videos, whatever works for your
organization. Link security awareness to them as individuals; show them that
hackers can monitor them via the webcam on their machines/phones and can listen
to their conversations by using the mic on their phones/laptops. They should
understand that security awareness is not just about defending the
organization; it affects them and their families as well. Show them how just
clicking on a link or opening a document can bring ransomware to their
computer. Seeing is believing; no matter how many newsletters or other
campaigns you run, unless they see it happening, they won’t believe it – show
them how a ransomware infection happens in real time.
Even the Verizon DBIR says that social engineering is the top method used by
hackers to gain access to organizations. Get some education going; this will
not only increase your visibility in the organization, but you will also gain
many human sensors who will work on your behalf to secure the organization.
----To Be Continued.....

This Gyan-Byte is contributed by Vikas Arora. He is
currently the Vice President – Global IT & Security
of Toluna. He has more than 23 years of work
experience in the IT industry and is passionate
about cybersecurity. He also works as a virtual
CISO for various organizations and speaks at
various national and international forums.
Twitter: @techievicky