Cyber criminals are using all kinds of deployment techniques, from placing a Trojan in commonly used software to attachments in phishing emails. On the other hand, many organizations have not even enabled basic security measures. Web threats and vulnerabilities are growing rapidly and need full-time attention from business owners to keep their online assets safe. The vulnerabilities that have been making headlines, as well as the best practices organizations and individuals can adopt to prevent them, are listed below.
Phishing is a rising concern for enterprises: attackers entice customers into revealing personal information. To stop phishing, online enterprises need to take it much more seriously than ever. This malicious activity can be carried out through public Wi-Fi, fake phone calls, fake emails, and so on. A survey by IT Governance in the UK offers some facts that can open our eyes and reveal how safe the employees in an organization really are.
- 87.91% of phishing links are spread via browsers.
- 12.09% of phishing attacks are spread via e-mail.
- Around 156 million phishing emails are sent every day.
- 6 million emails pass spam filters.
- Nearly 8 million spam emails are opened by their recipients.
2015 was full of new vulnerabilities that drew everyone's attention compared to the previous year. A new vulnerability, Factoring Attack on RSA Export Keys (FREAK), appeared as well. It enabled attackers to decrypt the communication between a website and its visitors, so any data submitted on such sites, including passwords and personal information, became exposed. Devices that used unpatched OpenSSL 3.0 were vulnerable; however, no major losses were reported. The best way to keep a server secure was to renew the SSL/TLS certificates on time and apply new updates as soon as they became available.
Various families of malware termed ransomware have reportedly extorted $325 million by infecting users' devices. Extortion-based malware threats are on the rise and are getting grimmer. Attackers encrypt the data, lock the device and demand a ransom from enterprises. Cybersecurity experts fear that ransomware might be the biggest cybersecurity concern in 2016 as well.
Targeted Attacks and Exploit Kits:
Zero-day vulnerabilities, targeted attacks and exploit kits such as the Waterbug attack, Turla and Regin rely on highly sophisticated attack methods. Experts believe that state-sponsored groups are behind these attacks. Carefully designed spear-phishing campaigns that lead to deceptive watering-hole websites target not only organizations and individuals, but also government websites. These campaigns have highly sophisticated modules and are capable of gaining remote access, recovering deleted files, capturing screenshots, monitoring network traffic, and stealing passwords.
Red Hat Enterprise Linux was reported to be affected by a remotely exploitable vulnerability termed GHOST. This glibc vulnerability, in the gethostbyname() and gethostbyname2() functions, enabled attackers to run or install an application of their choice on the Linux server. These functions are used for DNS resolution. It was imperative that the correct and updated package for the RHEL4 ELS version was installed. A non-ELS package displays a vulnerability message to the visitors of the site.
Combining malware with advertising (malvertising) to drive traffic through advertisements to ransomware sites such as Browlock is on the rise. Not only is ransomware being circulated under the disguise of advertisements; Trojans are also delivered and installed on victims' computers via malicious advertisements. A website owner has very little control over the advertisements displayed by the ad network or over the ads a visitor clicks. However, you can choose ad networks with diligence. Picking ad networks that restrict ad functionality reduces the risk to a certain extent.
Denial of Service:
VeriSign's report on DDoS (distributed denial-of-service) attacks for the third quarter of 2015 states that attacks have risen by 53 percent. Overall attack volume in the third quarter of 2015 reached its highest point in two years. Not only is the number of attacks rising; the size of the attacks has also grown by 27 percent.
While DDoS attacks are not new, the rising number of attacks, the increase in their intensity and the financial implications of these attacks are a cause for worry.
Security Measures for Organizational Cyber Security
Investments in cyber assets do not only need protection; they also need constant vigilance. Implementing an anti-virus is not enough (though it is definitely not optional).
The best practices that an organization must adopt for cyber security are listed below; they will keep your assets, customers, visitors and your organization's brand value (goodwill) safe and sound.
Defense in Depth
- Antivirus protection only at the endpoints (at initial connection and at checkout) is not enough. Antivirus protection must be implemented all around: every part of the network must be under strong surveillance and under the constant vigilance of a dependable antivirus.
- Layered firewalls as well as intrusion detection and prevention systems must be implemented and updated on a regular basis.
- Enable browser protection and disable automatic downloads or updates of browser plugins to stay safe from automatic malware downloads.
- Disable automatic download and installation of web-based apps to stay safe from Trojan downloads and installations.
- Create backups. Keep backup copies at a safe location at least 10 miles away from the original servers.
- Subscribe to alerts across vendor platforms to be notified of any newly discovered vulnerability. Be proactive and apply the available patch at once.
- Web security and gateway solutions implemented throughout the network will help to stay safe from social engineering attacks. They will also restrict and eliminate the reach of malware within the network.
- Enable DNS alerts against fictitious websites. This helps keep your brand value as well as your visitors safe.
- Watch the behavioral patterns of applications closely.
- Keep internet and intranet assets separate.
- Enable file change alerts for internet-facing assets and watch file changes closely.
Every accessible drive, including USB devices, must be configured for:
- Authorized access only
- Layered firewall protection and antivirus
- Secure encryption
- Session termination and auto-disconnect on removal from the network
- Forced logout (to be used if required)
- Implement physical security for protection against theft.
- Enable remote wipe on mobile devices to protect data in case the device is lost.
Implement a DLP solution to restrict copying of confidential data to any unencrypted external storage device.
Network and Software Protection
- Scan all files regularly.
- Sensitive data must be kept under authorized access only.
- Enforce the use of highly secure passwords and dual authorization. Passwords must be changed in a highly secure and official environment within a 90-day time frame.
- Ensure all data on the network is encrypted.
- Set limits on internet as well as intranet usage, with forced logout.
- Obtain digital certificates only from trusted sources. Make the secure-site signs visible on your website as well.
- Implement patches and updates as soon as they are available.
- Update software, apps, plugins, SSL, other security software, virus definitions, etc. on a regular basis from the original source and not from third-party vendors. Enable auto-update wherever possible.
- Keep test signing infrastructure separate from release signing.
- Scan emails thoroughly. Restrict email attachment types. Files with ‘.VBS, .BAT, .EXE, .PIF, and .SCR’ extensions must be discarded as spam (even if they come from a trusted source).
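The attachment-type restriction above can be checked at the mail gateway before a message reaches a user. The script below is an added example, not code from the original article; it parses a raw message with Python's standard `email` package and reports every attachment whose file name ends in one of the listed extensions. The sample message is constructed inline. Matching is case-insensitive and looks only at the final suffix, so a double extension such as `invoice.pdf.EXE` is still caught.

```python
"""Flag email attachments whose file name carries a blocked extension."""
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article says must be discarded as spam.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def blocked_attachments(raw_message: str) -> list[str]:
    """Return the file names of all attachments with a blocked extension."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # containers carry no file of their own
        name = part.get_filename()
        if not name:
            continue  # inline body text, not an attachment
        # Only the last suffix matters: "invoice.pdf.EXE" is still an .exe.
        suffix = PurePosixPath(name).suffix.lower()
        if suffix in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample_message() -> str:
    """Construct a sample multipart message (constructed data, not a real email)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached documents.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.EXE")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="setup.Scr")
    return msg.as_string()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample_message()):
        print("blocked attachment:", name)
```

In a real gateway the same function would run over each incoming message and the result would drive a quarantine decision; extension matching is a coarse first filter, and scanning the attachment contents remains necessary because a renamed executable passes it.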
Secure the website against attacks and infection
- Implement Always-On SSL to keep the site and its visitors safe. Migrate to SHA-256 as soon as possible to keep the site from displaying error messages in Google Chrome and Internet Explorer. DigiCert recommends the use of ECC-256 keys and claims they give 10,000 times stronger protection against brute-force attacks.
- Set the Secure flag on all cookies of each session.
- Enable daily website scans and set alerts for any file changes to track all vulnerable aspects on a regular basis.
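The "file change alerts" recommended above, and earlier for internet-facing assets, amount to a baseline-and-compare integrity check. The script below is an added example, not the article's own tooling: it hashes every file under a web root with SHA-256, stores the result as a JSON baseline, and on the next run reports files that were added, removed or modified. The web root used in `demo()` is a constructed temporary directory, not a real site.

```python
"""Baseline-and-compare file integrity check for a web root."""
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict[str, str]:
    """Map each relative file path under root to its SHA-256 hex digest."""
    root_path = Path(root)
    digests = {}
    for path in sorted(root_path.rglob("*")):
        # Skip directories and symlinks; a planted link must not pull in
        # files from outside the monitored tree.
        if path.is_symlink() or not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
        digests[path.relative_to(root_path).as_posix()] = h.hexdigest()
    return digests


def save_baseline(root: str, baseline_file: str) -> None:
    """Write the current snapshot to disk as the trusted baseline."""
    Path(baseline_file).write_text(json.dumps(snapshot(root), indent=1))


def compare(root: str, baseline_file: str) -> dict[str, list[str]]:
    """Return added, removed and modified paths relative to the baseline."""
    old = json.loads(Path(baseline_file).read_text())
    new = snapshot(root)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed web root, baseline it, change it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp, "htdocs")
        (site / "js").mkdir(parents=True)
        (site / "index.html").write_text("<html>hello</html>")
        (site / "js" / "app.js").write_text("console.log('ok');")
        baseline = Path(tmp, "baseline.json")
        save_baseline(str(site), str(baseline))
        # Simulate a defaced page, an unexpected new file and a deleted script.
        (site / "index.html").write_text("<html>changed</html>")
        (site / "unexpected.php").write_text("<?php /* constructed placeholder */ ?>")
        (site / "js" / "app.js").unlink()
        return compare(str(site), str(baseline))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run `save_baseline` once after a known-good deployment and `compare` from a daily scheduled job; keep the baseline file outside the web root and on read-only media where possible, since an attacker who can rewrite the baseline can hide a change.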
SSL is the best protocol to protect website visitors, provided it is appropriately implemented and thoroughly updated. Ensure proper server configuration, disable old protocol versions (up to SSL3), and deploy updated TLS certificates on a priority basis without any delay.
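Two of the items in this section can be verified mechanically: that every session cookie carries the Secure (and HttpOnly) attribute, and that the site announces Always-On SSL through a Strict-Transport-Security header. The script below is an added example, not code from the article; `audit_headers` parses a raw HTTP response (a constructed sample, not captured from a real site) and lists what is missing, and `hardened_server_context` shows the Python `ssl` setting that refuses SSL 2/3 and TLS 1.0/1.1 on a server socket (certificate loading is left out).

```python
"""Audit an HTTP response for cookie and transport flags; build a TLS context."""
import ssl


def parse_response(raw: str) -> tuple[str, list[tuple[str, str]]]:
    """Split a raw HTTP response into its status line and (name, value) headers."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_headers(raw: str) -> list[str]:
    """Return findings for cookies lacking Secure/HttpOnly and a missing HSTS header."""
    _status, headers = parse_response(raw)
    findings = []
    for _name, cookie in (h for h in headers if h[0] == "set-cookie"):
        cookie_name = cookie.split("=", 1)[0].strip()
        # Attributes follow the name=value pair, separated by semicolons.
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name}: missing HttpOnly")
    if not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("missing Strict-Transport-Security header")
    return findings


def hardened_server_context() -> ssl.SSLContext:
    """TLS server context that refuses SSL 2/3 and TLS 1.0/1.1."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # SSLv2/SSLv3 already disabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # also drop TLS 1.0 and 1.1
    return ctx


# Constructed sample response: one cookie is set correctly, one is not, and
# there is no HSTS header.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: prefs=dark; Path=/\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_RESPONSE):
        print(finding)
    print("minimum TLS version:", hardened_server_context().minimum_version.name)
```

The header audit is the kind of check worth adding to the daily website scan; a cookie without Secure is sent in clear text on any plain-HTTP request to the same host, which is exactly the exposure Always-On SSL is meant to remove.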
Educate the Workforce
- Never open email attachments from unknown senders or ones that do not seem genuine, even if the sender's name seems familiar.
- Beware of social engineering tactics. An easy-money offer is a scam intended to steal personal or professional details.
- Educate employees to distinguish links that lead to genuine login pages from fake ones.
- Strong, unique passwords and two-step authentication for each login account must be recommended.
- Never visit sites that display warnings, even if you have an antivirus, firewall and secure encryption.
- Do not download or install software from third-party sites without scanning it. Download only from the original sources.
- Do not click untrustworthy URLs in emails.
- If the browser displays a warning, close that site immediately. If you cannot close it, use the task manager to quit the browser.
Combat Infection and Incident with Proper Response Procedures
- Keep backups and create restore points regularly. In case of an attack, restore points and backups save a lot of time.
- Identify infected systems immediately.
- If the network is affected, block access and disable the related services until the threat is resolved.
- Get in touch with your security experts at once.
- It is a good practice to keep the contact details of your security vendors handy.
Apart from implementing the above, we recommend that you take part in forums and discussions to keep up with the latest updates. Security firms and website owners need to react to security issues openly, because hiding the issues causes worse damage than we can imagine.
Again, these best practices are not only to be read; they are a functional guide to inform and protect, and they must be implemented.