Fight Back Against Cyberattacks With the Latest Tools & Strategies
Maximizing what’s in your arsenal is the foundation of a strong cyber defense strategy.
The most effective defenses against cyberattacks have been known for years. They don’t involve ChatGPT, OpenAI, quantum computing, zero trust or any buzzword you may have heard recently. You can use the people and tools already in your organization to mount an effective defense against the most aggressive attackers across three areas.
Watch Internet-Facing Products
According to Verizon's 2022 Data Breach Investigations Report, ransomware attackers shifted in 2020 away from social engineering and toward exploiting vulnerabilities in exposed systems. Efforts to educate your teams about the dangers of phishing are working, but we can't claim the win just yet. Attackers have returned to an older playbook and are exploiting vulnerabilities faster than we can patch them.
The Cybersecurity & Infrastructure Security Agency publishes the Known Exploited Vulnerabilities Catalog. Your best defense against attackers is knowing whether any of your internet-facing products are on this list. Many recent ransomware incidents began with the compromise of an internet-facing service of exactly this kind. Know which of your credit union's services face the internet, including VPN gateways, websites, online applications and any exposed email relays, and monitor for any appearance of those products in the Known Exploited Vulnerabilities Catalog.
Constantly weeding through a large list of vulnerabilities is time consuming. Bolster the approach by also following your critical vendors' security advisories and social media feeds, along with well-known threat researchers. These feeds surface new vulnerabilities faster, giving you the opportunity to apply patches or document workarounds as soon as they are published.
Measure service-level agreements for patching discovered vulnerabilities on your internet-facing services by looking at your watch, not your calendar. The minute your perimeter exposes an exploitable vulnerability, attackers from across the planet will find it and attempt to exploit it. Applying a midday patch is paramount, even if it briefly impacts members or your organization.
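As an added example (not code from the article or from CISA), the following Python script matches a small asset inventory against a feed in the shape of CISA's KEV JSON, measures exposure in hours rather than days, and sorts internet-facing, ransomware-linked findings to the top. The field names follow the real KEV schema; the catalog entries, CVE IDs, vendor names and hostnames are constructed placeholders, not real advisories, and a real run would fetch the JSON from CISA's published feed URL instead of the embedded sample.

```python
"""Match an asset inventory against a CISA KEV-shaped feed and measure exposure in hours.

Added example, not the article's own code. The field names follow the real KEV
JSON schema; the entries, CVE IDs, vendors and hostnames below are constructed
placeholders, not real advisories.
"""
import json
from datetime import datetime

# Constructed sample in the shape of CISA's KEV feed. A real run would fetch
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVPN Inc",
         "product": "SecureGate VPN Gateway", "dateAdded": "2023-03-01",
         "dueDate": "2023-03-22", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-1900-0002", "vendorProject": "ExampleMail",
         "product": "Relay Server", "dateAdded": "2023-03-05",
         "dueDate": "2023-03-26", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-1900-0003", "vendorProject": "OtherVendor",
         "product": "Desktop Client", "dateAdded": "2023-02-01",
         "dueDate": "2023-02-22", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: vendor/product as recorded in your asset system, plus
# the classification the article calls for (does the asset face the internet?).
INVENTORY = [
    {"asset": "vpn1.example.cu", "vendor": "ExampleVPN Inc",
     "product": "SecureGate VPN Gateway", "internet_facing": True},
    {"asset": "smtp-relay.example.cu", "vendor": "examplemail",
     "product": "relay server", "internet_facing": True},
    {"asset": "print-01.corp.local", "vendor": "OtherVendor",
     "product": "Desktop Client", "internet_facing": False},
    {"asset": "intranet.corp.local", "vendor": "AcmeWeb",
     "product": "Portal", "internet_facing": True},
]


def norm(s):
    """Case- and whitespace-insensitive key; KEV product names vary in form."""
    return " ".join(s.lower().split())


def product_matches(kev_product, inv_product):
    """Substring match in either direction, since KEV names are not exact."""
    a, b = norm(kev_product), norm(inv_product)
    return a in b or b in a


def match_inventory(kev_json, inventory, now):
    """Return one finding per (asset, KEV entry) pair, most urgent first."""
    catalog = json.loads(kev_json)["vulnerabilities"]
    findings = []
    for asset in inventory:
        for entry in catalog:
            if norm(entry["vendorProject"]) != norm(asset["vendor"]):
                continue
            if not product_matches(entry["product"], asset["product"]):
                continue
            added = datetime.fromisoformat(entry["dateAdded"])
            due = datetime.fromisoformat(entry["dueDate"])  # CISA's due date for federal agencies
            findings.append({
                "asset": asset["asset"],
                "cve": entry["cveID"],
                "internet_facing": asset["internet_facing"],
                "ransomware_use": entry.get("knownRansomwareCampaignUse") == "Known",
                # Hours, not days: exposure is measured on your watch.
                "hours_exposed": round((now - added).total_seconds() / 3600, 1),
                "past_cisa_due_date": now > due,
            })
    # Internet-facing first, then known ransomware use, then longest exposed.
    findings.sort(key=lambda f: (not f["internet_facing"],
                                 not f["ransomware_use"],
                                 -f["hours_exposed"]))
    return findings


def sla_breaches(findings, sla_hours=24):
    """Internet-facing findings that have been exposed longer than the SLA."""
    return [f for f in findings
            if f["internet_facing"] and f["hours_exposed"] > sla_hours]


def demo_findings():
    """Run the sample with a fixed clock so the result is reproducible."""
    return match_inventory(SAMPLE_KEV_JSON, INVENTORY, datetime(2023, 3, 6, 12, 0))


if __name__ == "__main__":
    for f in demo_findings():
        print(f)
    print("24h SLA breaches:", len(sla_breaches(demo_findings())))
```

The sort key is the point: an internet-facing VPN gateway with a KEV entry flagged for ransomware use lands at the top, while the same catalog hit on an internal printer driver sits at the bottom, which is the classification argument made later in the article applied to patching order.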
Protect Remote Access
Ensure multi-factor authentication (MFA) protects all remote access to your internal network. This extra layer helps blunt phishing and other password attacks against your perimeter, but not every MFA method is equal. Push-to-accept prompts are convenient but are susceptible to push-fatigue attacks like the one that compromised Uber in September 2022: an attacker holding a valid password bombards the user with repeated push notifications until the user taps OK just to silence them, and the attacker is inside the trusted network. Requiring the user to type a six-digit one-time code, or to enter a number displayed on the login screen into the prompt (number matching), defeats this because the attacker cannot complete that step on the user's behalf.
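As an added example that is not part of the article, here is a small Python detector for push-fatigue attempts, run over constructed MFA log lines (format: timestamp, user, event type, result, source IP; no real identity provider's export format is assumed). It flags any user who receives more pushes than a threshold inside a sliding window and, more seriously, an approval that lands on top of a run of denied or timed-out pushes, which is the shape of the Uber incident.

```python
"""Detect push-fatigue patterns in MFA push logs.

Added example, not the article's code. The log format below is constructed for
illustration; adapt parse_line() to your identity provider's export.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <user> push <result> <source_ip>".
# bob is bombarded and finally taps approve; dave is bombarded but never
# approves; alice and carol show normal, well-separated prompts.
SAMPLE_LOG = """\
2023-01-10T21:00:01Z alice push approved 203.0.113.7
2023-01-10T22:10:05Z bob push denied 198.51.100.9
2023-01-10T22:10:40Z bob push timeout 198.51.100.9
2023-01-10T22:11:12Z bob push denied 198.51.100.9
2023-01-10T22:12:03Z bob push timeout 198.51.100.9
2023-01-10T22:12:48Z bob push denied 198.51.100.9
2023-01-10T22:13:30Z bob push approved 198.51.100.9
2023-01-10T22:30:00Z dave push denied 198.51.100.9
2023-01-10T22:30:20Z dave push timeout 198.51.100.9
2023-01-10T22:30:45Z dave push denied 198.51.100.9
2023-01-10T22:31:10Z dave push denied 198.51.100.9
2023-01-10T23:00:00Z carol push denied 192.0.2.4
2023-01-11T08:00:00Z carol push approved 192.0.2.4
"""


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, user, _kind, result, src = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "result": result, "src": src}


def detect_push_fatigue(log_text, window=timedelta(minutes=10), threshold=4):
    """One alert per user who receives >= threshold pushes inside `window`.

    approved_after_fatigue is set when an approval arrives while the window
    already holds threshold-1 or more denied/timed-out pushes: the user gave
    in, and whoever holds the password is now past MFA.
    """
    recent = defaultdict(deque)   # user -> events still inside the window
    alerts = {}
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        q = recent[ev["user"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > window:   # drop events older than the window
            q.popleft()
        if len(q) < threshold:
            continue
        unapproved = sum(1 for e in q if e["result"] != "approved")
        alert = alerts.setdefault(ev["user"], {
            "user": ev["user"], "pushes_in_window": 0,
            "approved_after_fatigue": False, "sources": set()})
        alert["pushes_in_window"] = max(alert["pushes_in_window"], len(q))
        alert["sources"].add(ev["src"])
        if ev["result"] == "approved" and unapproved >= threshold - 1:
            alert["approved_after_fatigue"] = True
    for a in alerts.values():
        a["sources"] = sorted(a["sources"])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        severity = "HIGH" if alert["approved_after_fatigue"] else "medium"
        print(severity, alert)
```

The medium-severity alert (a burst with no approval) is the moment to call the user and reset the password, since the bombardment itself proves the password is already in someone else's hands. Number matching removes the high-severity case by construction: the user has nothing to type because the number is shown on a login screen they are not looking at.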
Inventory and Defend Internal Networks
With your perimeter in good health, it's time to defend your internal network. That starts with establishing and maintaining a complete inventory of your network assets. A full network device inventory is easier to keep if you integrate it with your ticketing system or combine it with your vulnerability management platform of choice. Good open-source inventory options are available to ease the burden on your budget. The keys to a successful defense are automatic discovery of new assets and classification of every asset in the inventory. Classification tells you where to concentrate your effort: there is a huge difference in risk between an internet-facing web server and an internal printer, and your cost to protect an asset can't exceed its value.
Everyone knows antivirus, antimalware and other endpoint detection and response (EDR) solutions are critical defense mechanisms. But they only work if deployed on every device. Make sure automatic discovery, installation and updates for your EDR agents are in place across all servers and PCs, and that new devices joining the network automatically receive the current antivirus and antimalware policies.
The best EDR solutions include a host of other defense mechanisms. With an industry-leading endpoint protection solution, you can centrally manage application allow/deny lists, data loss prevention (DLP) profiles, website controls and removable USB storage throughout your environment, which lets your IT administrators mount effective defenses against a wide range of attacks. With application deny lists, you can block common attacker tools. Effective DLP policies let you prevent exfiltration or misuse of sensitive data. Blocking removable storage closes off infected thumb drives as a way into the network.
After blocking the basics, focus on protecting your most critical infrastructure components against more advanced methods. Limit access to your tier 0 systems, the keys to the kingdom. Tier 0 systems are those that control the security or identities of your organization: Active Directory, email platforms, firewall management utilities, virtualization management, patch management systems, software deployment platforms, antivirus consoles and any other platform that manages security for your organization.
Ransomware attackers target tier 0 systems. By taking over a tier 0 system, they control access to every device on your network and can deploy ransomware quickly and easily. Protecting the domain administrators group unfortunately isn't enough; protecting access to your software deployment and patch management platforms is just as important. If an attacker takes over any group that has administrator rights on all desktops or servers, a single script can create a scheduled task that executes ransomware on every machine.
To protect these privileged groups, each team member who accesses tier 0 must use a separate, MFA-enforced administrator account, distinct from the account used for email and daily work. This is not only a strong preventive measure against password and impersonation attacks; most cyber insurance providers now require it. Limiting this type of access is fundamental to privileged access management and the principle of least privilege, which have been around for decades.
To decide which application control policies to create first, think like an attacker and understand how attackers operate. The MITRE ATT&CK framework catalogs the tactics and techniques observed in real-world intrusions and gives each a standard name and ID. It helps IT administrators recognize the commands used to perform reconnaissance, enumerate privileged group members, create scheduled tasks, exfiltrate data and encrypt files.
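As an added example, not the article's code or MITRE's, the following Python snippet maps constructed process-creation log lines to ATT&CK technique IDs for the behaviours the paragraph lists (group enumeration, reconnaissance, scheduled task creation, exfiltration, and disabling recovery ahead of encryption) and then groups hits by host and user so that a chain of techniques from one principal stands out. The technique IDs are real ATT&CK Enterprise identifiers; the regexes, hostnames, user names and command lines are this example's own approximations, constructed for illustration. The matched tools are a natural first draft of an application deny list.

```python
"""Map process-creation events to MITRE ATT&CK techniques.

Added example, not from the article. Technique IDs are real ATT&CK Enterprise
IDs; the patterns are simple approximations written for this example, and the
sample events below are constructed (hosts, users and commands are made up).
"""
import re
from collections import defaultdict

# (technique ID, name, pattern over the command line)
RULES = [
    ("T1069.002", "Permission Groups Discovery: Domain Groups",
     re.compile(r"\bnet1?(\.exe)?\s+group\b.*\s/domain\b", re.I)),
    ("T1087.002", "Account Discovery: Domain Account",
     re.compile(r"\bnet1?(\.exe)?\s+user\b.*\s/domain\b", re.I)),
    ("T1018", "Remote System Discovery",
     re.compile(r"\bnltest(\.exe)?\s+/dclist\b|\bnet(\.exe)?\s+view\b", re.I)),
    ("T1053.005", "Scheduled Task/Job: Scheduled Task",
     re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I)),
    ("T1569.002", "System Services: Service Execution (PsExec)",
     re.compile(r"\bpsexec(64)?(\.exe)?\b", re.I)),
    ("T1490", "Inhibit System Recovery",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("T1567.002", "Exfiltration to Cloud Storage",
     re.compile(r"\brclone(\.exe)?\s+(copy|sync|move)\b", re.I)),
]

# schtasks /S <host> names a remote machine: the mass-deployment pattern.
REMOTE_TARGET = re.compile(r"\s/S\s+([^\s/]+)", re.I)

# Constructed sample events: "timestamp|host|user|command line".
SAMPLE_EVENTS = r"""
2023-01-10T22:01:00Z|WS-0412|CORP\jdoe|net group "Domain Admins" /domain
2023-01-10T22:01:30Z|WS-0412|CORP\jdoe|nltest /dclist:corp
2023-01-10T22:03:10Z|WS-0412|CORP\jdoe|schtasks /create /S FS-01 /RU SYSTEM /SC ONCE /ST 23:00 /TN Update /TR C:\Windows\Temp\u.exe
2023-01-10T22:03:12Z|WS-0412|CORP\jdoe|schtasks /create /S FS-02 /RU SYSTEM /SC ONCE /ST 23:00 /TN Update /TR C:\Windows\Temp\u.exe
2023-01-10T22:05:00Z|FS-01|NT AUTHORITY\SYSTEM|vssadmin delete shadows /all /quiet
2023-01-10T22:06:00Z|WS-0412|CORP\jdoe|rclone copy D:\Finance remote:backup
2023-01-10T09:00:00Z|WS-0099|CORP\asmith|schtasks /query /fo LIST
2023-01-10T09:05:00Z|WS-0099|CORP\asmith|notepad.exe report.txt
"""


def map_events(text):
    """Return one finding per (event, matching rule), in log order."""
    findings = []
    for line in text.strip().splitlines():
        ts, host, user, cmd = line.split("|", 3)
        for tid, name, pat in RULES:
            if not pat.search(cmd):
                continue
            f = {"ts": ts, "host": host, "user": user,
                 "technique": tid, "name": name, "cmd": cmd}
            if tid == "T1053.005":
                m = REMOTE_TARGET.search(cmd)
                f["target"] = m.group(1) if m else host
            findings.append(f)
    return findings


def chains(findings, min_techniques=3):
    """Principals (host, user) that touched several distinct techniques.

    One schtasks call alone is routine admin work; recon, then task creation
    on remote hosts, then exfiltration from the same principal is not.
    """
    seen = defaultdict(set)
    for f in findings:
        seen[(f["host"], f["user"])].add(f["technique"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_techniques}


if __name__ == "__main__":
    found = map_events(SAMPLE_EVENTS)
    for f in found:
        print(f["ts"], f["host"], f["user"], f["technique"], f.get("target", ""), f["cmd"])
    print("chains:", chains(found))
```

Every rule here keys on a built-in Windows utility or a freely available tool, which is the practical lesson: the attacker's kit is mostly things already on the box, so deny-listing or restricting schtasks, vssadmin, rclone and PsExec for ordinary users costs little and removes steps from the chain.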
It is easy to think that defending your organization from a nation-state attacker is something only the largest organizations with the biggest budgets can take on. That isn't so. Any organization can defend itself provided you adhere to the most basic concepts and use every tool at your disposal to block the tools and tactics attackers rely on before they have the chance to use them against you. Success is already at your fingertips. It's up to you to act.
John Stream is Chief Information Security Officer for SwitchThink Solutions in Phoenix, Ariz.