Put on Your Cyber Armor, A Cyber Battle is Coming to You

Yesterday: In the early Middle Ages, knights spent hours getting ready for battle, putting on their armor with the help of a squire. There were hooded coats, trousers, gloves, and shoes made of chain mail. Add the helmet, shield, and sword, and they were ready for an attack.

Today: To prepare for the inevitable cyber battle that you do not want and cannot avoid, you need your own form of chain mail. Here’s how you can prepare your home or business.

Ransomware Attacks: To avoid paying the ransom for your hostage data, you should be backing up critical business data nightly, or more often if operations require. With those backups in place, you will only lose one day’s worth of data plus the time and resources it takes to restore your infected system.

It’s Not Just Large Companies: This happened to Haywood County School District in North Carolina. Their computers were attacked by Suncrypt ransomware. They did not pay the ransom because they had backups; however, they had to delay school for a week to restore everything. Suncrypt uses a Windows admin utility called “PowerShell” to send a file that executes on other computers, where it renames and encrypts every folder on the infected computer. At that point, the hackers hold your data hostage.

What could the school district have done to avoid the infection altogether? 

First, the person who clicked on the phishing email had “administrative” privileges. Cybersecurity has a concept called “least privilege,” where a user has only the least amount of privilege needed to do her work. All internet browsing and email reading should be done as a non-admin user. It is critical to use admin privileges only when performing admin functions (configuration and installation).

Second, the computer security policy allowed the use of outbound PowerShell. The system policy should have disabled outbound PowerShell capability. PowerShell is the new favorite of hackers. According to Softpedia, eighty-seven percent (87%) of common malware uses PowerShell. This one change to your system can block much of the current malware.

Finally, for this particular attack, and those like it, the entire attack would have been thwarted if the systems had a simple setting enabled called “Controlled Folder Access.”  This feature allows only authorized applications and users to modify folders.  This would have completely blocked Suncrypt.

Phishing Attacks: Phishing is getting very complex. There are new targeted phishing campaigns where emails are sent to company users claiming to be from the IT Department. The emails explain that certain sent emails were quarantined and provide a link for the user to log in and review the files. The link takes you to a screen that looks exactly like the company login. The hackers grab the user’s credentials when the user attempts to log in and fix the problem.

The Lesson: The lesson here is to always hover over any link. Do NOT click the link without checking it. When you hover over the link, the details of the link show in the bottom left-hand corner of your browser or pop up in your email application. Verify the entire link carefully. Hackers can be creative with their domain names, making them similar to the real domain names. So look closely. When it comes to links, hover, hover, and hover again.
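For IT staff who want to automate the same "hover" check on a reported email, here is an added example (not part of the original article) that compares where each link really goes against the company's own domain. The domain `corp.example`, the sample email, and the 0.8 similarity threshold are assumptions made up for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"corp.example"}  # assumption: your organization's real domain(s)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname a URL really points to, lowercased ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()

def check_link(href, text):
    """Return the reasons a link is suspicious; an empty list means none found."""
    host, reasons = host_of(href), []
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        reasons.append("untrusted destination: " + (host or "(none)"))
        base = ".".join(host.split(".")[-2:])  # last two labels, e.g. c0rp.example
        for d in sorted(TRUSTED_DOMAINS):  # embedded or near-identical name
            if d in host or SequenceMatcher(None, base, d).ratio() >= 0.8:
                reasons.append("imitates " + d)
    shown = host_of(text) if "://" in text else ""  # only when the text is a URL
    if shown and shown != host:
        reasons.append("text shows %s but link goes to %s" % (shown, host))
    return reasons

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample modeled on the quarantine email described above.
SAMPLE_EMAIL = """<p>IT Department: some of your sent emails were quarantined.</p>
<a href="https://c0rp.example/login">https://corp.example/quarantine</a>
<a href="https://mail.corp.example/help">Help desk</a>"""
```

Calling `scan_email(SAMPLE_EMAIL)` flags the first link for three reasons (untrusted destination, imitation of the real domain, and visible text that does not match the destination) and reports nothing for the genuine help-desk link.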

One More Protection: Lastly, review your business insurance policy and ensure it covers computer fraud, and think about looking into cybersecurity insurance. A few extra dollars a month may be more palatable than $100,000 in lost business while you clean up the mess from the inevitable cyber battle.

The Moral: The moral of this sad tale is: along with that first cup of coffee or tea in the morning, remember to put on your cyber armor before you check your emails.