Cybersecurity: 10 measures to take when the threat level rises


Here is a list of measures to take to strengthen organizations' IT defenses “when the cyberthreat is increased” by “zero-day” software flaws or geopolitical tensions.

The advice comes amid growing fears of a Russian invasion of Ukraine. Microsoft recently discovered malware dubbed “WhisperGate” on several Ukrainian systems. The malware is reminiscent of NotPetya, the software that targeted Ukrainian organizations in 2017 via a flawed update to accounting software, but also infected the global computer networks of US and European companies. The attack cost European and American businesses billions of dollars, according to White House estimates.

Rafe Pilling, a security researcher with Secureworks’ Threat Countermeasures Unit, believes that organizations in the United States and Europe could fall victim to WhisperGate in the same way. “While organizations outside of Ukraine are unlikely to be directly targeted, clients should consider their exposure to collateral damage through service providers or business partners in Ukraine,” he says.

How to limit collateral damage?

“Organizations must be extra vigilant and maintain up-to-date backups of critical systems and data, test recovery processes before they are needed, and ensure that backups cannot be affected by ransomware- or wiper-type attacks.”

So what should potentially affected companies do to limit the risk of becoming collateral damage?

The UK Cyber Security Agency (NCSC) says organizations need to strike a balance between cyber threats and defense and notes that “there may be times when the cyber threat to an organization is greater than usual”.

“It is rare that an organization is able to influence the level of the threat”

Triggers include a spike in adversary capability due to new zero-day flaws in popular software, or something “more specific to a particular organization, industry, or even country, resulting from hacktivism or geopolitical tensions,” says the NCSC.

The NCSC’s response is to control what you can, because you cannot control the level of threat. This means patching systems, verifying configurations, and protecting the network against password attacks.

“It is rare that an organization is able to influence the level of the threat. Actions therefore typically focus on reducing vulnerability to attack and reducing the impact of a successful attack,” the agency explains.

The Cybersecurity Action Checklist

Here, then, is a checklist of fundamental cybersecurity actions that are “important in all circumstances, but critical during times of heightened cyber threat.” Taking these steps is important because organizations are unlikely to be able to quickly implement widespread changes when threat levels rise.

The NCSC list includes:

  • Check your system patches. Make sure your users’ desktops, laptops, and mobile devices all have the latest patches.
  • Check access controls. Ask your employees to ensure that their passwords are unique to your work systems and not shared with other non-work systems.
  • Make sure the defenses are working. Check antivirus and firewalls.
  • Logging and monitoring. Understand what logging you have in place, where the logs are stored, and for how long.
  • Check your backups. Confirm that your backups are working properly.
  • Incident response plan. Check that your incident response plan is up to date.
  • Check your internet footprint. Perform an external vulnerability scan of your entire internet footprint.
  • Response to phishing. Make sure staff know how to report phishing emails.
  • Third Party Access. Understand what level of privilege is granted to your systems, and to whom.
  • Inform your organization at large. Make sure other teams understand the situation and the escalation of the threat.

Source: ZDNet.com




