Arraya Insights | June 22, 2017
Do you know where your administrator credentials are? Hopefully, the answer to that is “With my administrators.” However, it may not be the only answer, according to a recent warning issued by the federal government. The National Cybersecurity and Communications Integration Center (NCCIC) has uncovered what it calls an “emerging, sophisticated campaign,” one that uses an organization’s own administrator credentials against it to potentially compromise its systems. Manufacturing, energy, and healthcare are just some of the verticals targeted by this campaign during a crime spree that has – to date – lasted more than a year.
The attack methods leveraged during this campaign vary; however, in a typical event, attackers compromise a legitimate set of administrator credentials and use them to gain access to an organization’s network. From there, attackers deploy malware implants to fly under the radar while gaining additional access to the victim’s systems. Malware families utilized as part of this campaign include PLUGX/SOGU and REDLEAVES.
The NCCIC has designated this campaign with a threat level of yellow, meaning a mid-level threat that could affect “public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.” When looked at on a more granular level, the possible impacts of this campaign become more familiar, if no less anxiety-inducing. Possible fallout includes, in the right conditions, things like loss of sensitive data, costly disruptions, costly recovery, and the negative PR that comes with data breaches.
5 ways to rest easier about data security
Industrial companies of any kind appear to be a big target of this campaign; however, all organizations, regardless of industry, would be wise to prepare for it. In their official rundown of this threat, the NCCIC includes a number of steps organizations can take to ensure they’re ready for the worst. Among them are five cyber security best practices that, if your organization isn’t following them yet, it should adopt ASAP:
- Hunt for vulnerabilities – The “if it ain’t broke, don’t fix it” mindset doesn’t apply in cyber security. All too often, something is broken; the problem just hasn’t revealed itself quite yet. Go looking for problems. Put a program in place that allows you to regularly search for weak points in your network, and – when you find them – take the necessary steps to remediate them. This keeps the security team from being stuck reacting to what’s going on around it.
- Protect data in all states – Data isn’t only at risk when it’s on the move. Whether it’s resting peacefully in your data center, or in transit to the cloud or beyond, end-to-end data encryption is a must. Even if your perimeter defenses are strong, cyber criminals can still sometimes find their way in, as exemplified by this campaign, so the more layers of defensive depth you can add, the better.
- Acknowledge all threats – In many cases, risk originates from outside your company – but not all the time. Be sure to have a program in place that allows you to monitor for and respond to malicious activity that has its origins much closer to home: your own employees. Whether it’s a mere accident or it truly is malicious, you’ll want to be ready to address suspicious activity just the same.
- Remember security and compliance aren’t the same – As Arraya’s Cyber Security Practice Director Tom Clerici noted in a blog post from earlier this year: “You can meet every single checkbox requirement for a typical cyber security audit and still be completely susceptible to a breach.” Doing only what’s needed to hit the targets laid out by regulators may make you safer, but it may not. True security requires a deeper commitment, one only measurable in audits separate from those gauging compliance.
- Check your logs – System logs – even those that, on the surface, aren’t connected to security – are a valuable resource far too many teams overlook. They’re a perfect way to catch potentially shady behavior taking place on your network, and they’re data you already have access to. Reviewing these logs should be a regular function for security team members and not a “when there’s time” task.
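Since the campaign described above relies on legitimate administrator credentials, the logs worth reviewing first are the ones that record privileged logins. The script below is an added example, not code from the original post or from Arraya: it parses constructed sshd-style log lines and flags administrator logins that arrive from a source address administrators don’t normally use or at an hour outside the business day. The privileged account names, the known administrator source address and the business-hours window are assumptions that a real deployment would take from its own inventory.

```python
import re
from datetime import datetime

# Constructed sample log lines (not from the original post); they mimic
# Linux sshd authentication entries in syslog format.
SAMPLE_LOGS = """\
Jun 20 08:12:03 fileserver sshd[2211]: Accepted password for svc_backup from 10.0.1.20 port 51022 ssh2
Jun 20 09:05:41 fileserver sshd[2390]: Accepted publickey for admin from 10.0.1.15 port 50211 ssh2
Jun 20 17:44:10 fileserver sshd[3101]: Accepted publickey for admin from 10.0.1.15 port 50877 ssh2
Jun 21 02:17:55 fileserver sshd[4020]: Accepted password for admin from 203.0.113.77 port 40122 ssh2
Jun 21 10:30:02 fileserver sshd[4211]: Failed password for admin from 203.0.113.77 port 40130 ssh2
Jun 21 11:02:19 fileserver sshd[4300]: Accepted publickey for deploy from 10.0.1.40 port 52000 ssh2
"""

# Assumed environment facts: which accounts are privileged, which source
# addresses administrators normally connect from, and the business-hours window.
ADMIN_ACCOUNTS = {"admin", "root"}
KNOWN_ADMIN_SOURCES = {"10.0.1.15"}
BUSINESS_HOURS = range(7, 20)   # 07:00 through 19:59 local time

# Matches only successful logins; failed attempts and unrelated lines are skipped.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_logins(log_text):
    """Return one dict per successful login line found in the text."""
    events = []
    for line in log_text.splitlines():
        match = LOGIN_RE.match(line)
        if not match:
            continue
        # syslog timestamps carry no year; strptime defaults it, which is fine here.
        when = datetime.strptime(match.group("ts"), "%b %d %H:%M:%S")
        events.append({
            "time": when,
            "user": match.group("user"),
            "ip": match.group("ip"),
            "method": match.group("method"),
        })
    return events


def flag_admin_logins(events, admin_accounts=ADMIN_ACCOUNTS,
                      known_sources=KNOWN_ADMIN_SOURCES,
                      business_hours=BUSINESS_HOURS):
    """Return (event, reasons) pairs for privileged logins that deserve a second look."""
    alerts = []
    for event in events:
        if event["user"] not in admin_accounts:
            continue
        reasons = []
        if event["ip"] not in known_sources:
            reasons.append("unknown source address")
        if event["time"].hour not in business_hours:
            reasons.append("outside business hours")
        if reasons:
            alerts.append((event, reasons))
    return alerts


if __name__ == "__main__":
    for event, reasons in flag_admin_logins(parse_logins(SAMPLE_LOGS)):
        print(f"{event['time']:%b %d %H:%M} {event['user']} from "
              f"{event['ip']}: {', '.join(reasons)}")
```

Run against the constructed sample, the script surfaces a single login: the `admin` account authenticating at 02:17 from an address outside the known administrator set. The two checks are deliberately simple; the point is that a baseline of who logs in from where, and when, is enough to turn routine log data into an early signal that a legitimate credential is being used by someone other than its owner.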
Don’t face cyber threats alone
Cyber security is a big job, but it’s one modern organizations can’t afford to take lightly. Whether you want to implement any or all of the above best practices, or go even further, Arraya Solutions’ Cyber Security Practice can help. Our team is ready to ensure your organization has the tools, knowledge, and team bandwidth to handle anything those occupying the wrong side of the law can throw at you.