threatpost.com
35.173.160.135
Public Scan
URL:
https://threatpost.com/harsh-truths-cybersecurity-tips/178311/
Submission: On March 09 via api from US — Scanned from DE
Form analysis
4 forms found in the DOM
POST /harsh-truths-cybersecurity-tips/178311/#gf_5
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_5" id="gform_5" action="/harsh-truths-cybersecurity-tips/178311/#gf_5">
<div class="gform_body gform-body">
<ul id="gform_fields_5" class="gform_fields top_label form_sublabel_below description_below">
<li id="field_5_8" class="gfield field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text" for="input_5_8">Your name</label>
<div class="ginput_container ginput_container_text"><input name="input_8" id="input_5_8" type="text" value="" class="medium" placeholder="Your name" aria-invalid="false"> </div>
</li>
<li id="field_5_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text" for="input_5_1">Your e-mail address<span
class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_email">
<input name="input_1" id="input_5_1" type="text" value="" class="medium" placeholder="Your e-mail address" aria-required="true" aria-invalid="false">
</div>
</li>
<li id="field_5_9" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden">
<div class="ginput_container ginput_container_text"><input name="input_9" id="input_5_9" type="hidden" class="gform_hidden" aria-invalid="false" value=""></div>
</li>
<li id="field_5_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text gfield_label_before_complex"><span
class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_checkbox">
<ul class="gfield_checkbox" id="input_5_2">
<li class="gchoice gchoice_5_2_1">
<input class="gfield-choice-input" name="input_2.1" type="checkbox" value="I agree" id="choice_5_2_1">
<label for="choice_5_2_1" id="label_5_2_1">I agree to my personal data being stored and used to receive the newsletter</label>
</li>
</ul>
</div>
</li>
<li id="field_5_5" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text gfield_label_before_complex"><span
class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_checkbox">
<ul class="gfield_checkbox" id="input_5_5">
<li class="gchoice gchoice_5_5_1">
<input class="gfield-choice-input" name="input_5.1" type="checkbox" value="I agree" id="choice_5_5_1">
<label for="choice_5_5_1" id="label_5_5_1">I agree to accept information and occasional commercial offers from Threatpost partners</label>
</li>
</ul>
</div>
</li>
<li id="field_5_10" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_10">Name</label>
<div class="ginput_container"><input name="input_10" id="input_5_10" type="text" value=""></div>
<div class="gfield_description" id="gfield_description_5_10">This field is for validation purposes and should be left unchanged.</div>
</li>
</ul>
</div>
<div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_5" class="gform_button button screen-reader-text" value="Subscribe"
onclick="if(window['gf_submitting_5']){return false;} window['gf_submitting_5']=true; "
onkeypress="if( event.keyCode == 13 ){ if(window['gf_submitting_5']){return false;} window['gf_submitting_5']=true; jQuery('#gform_5').trigger('submit',[true]); }" disabled="disabled"
style="display: none;"> <input type="hidden" name="gform_ajax" value="form_id=5&title=&description=&tabindex=0">
<input type="hidden" class="gform_hidden" name="is_submit_5" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="5">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_5" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_5" id="gform_target_page_number_5" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_5" id="gform_source_page_number_5" value="1">
<input type="hidden" name="gform_field_values" value="">
</div>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js" name="ak_js" value="1646823471281">
<script>
document.getElementById("ak_js").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>
GET https://threatpost.com/
<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
<input type="text" class="c-site-search__field" name="s" placeholder="Search">
<button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
</svg> Search</button>
<div class="c-site-search__overlay"></div>
</form>
POST https://threatpost.com/wp-comments-post.php
<form action="https://threatpost.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
<div class="o-row">
<div class="o-col-12@md">
<div class="c-form-element"><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true" placeholder="Write a reply..."></textarea></div>
</div>
</div>
<div class="o-row">
<div class="o-col-6@md">
<div class="c-form-element"><input id="author" name="author" placeholder="Your name" type="text" value="" size="30"></div>
</div>
<div class="o-col-6@md">
<div class="c-form-element"><input id="email" name="email" placeholder="Your email" type="text" value="" size="30"></div>
</div>
</div>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="c-button c-button--primary" value="Send Comment"> <input type="hidden" name="comment_post_ID" value="178311" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="3bd087d9f3"></p><!-- the following input field has been added by the Honeypot Comments plugin to thwart spambots -->
<input type="hidden" id="rR1ReAFlvC08l6gq8doTpZ6p0" name="7c74LVKUNkxunMjXmsEmhck3q">
<script type="text/javascript">
document.addEventListener("input", function(event) {
if (!event.target.closest("#comment")) return;
try {
grecaptcha.render("recaptcha-submit-btn-area", {
"sitekey": "6LfsdrAaAAAAAMVKgei6k0EaDBTgmKv6ZQrG7aEs",
"theme": "standard"
});
} catch (error) {
/*possible duplicated instances*/ }
});
</script>
<script src="https://www.google.com/recaptcha/api.js?hl=en&render=explicit" async="" defer=""></script>
<div id="recaptcha-submit-btn-area"> </div>
<noscript>
<style type="text/css">
#form-submit-save {
display: none;
}
</style>
<input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment">
</noscript>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js" name="ak_js" value="172">
<script>
document.getElementById("ak_js").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>
GET https://threatpost.com/
<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
<input type="text" class="c-site-search__field" name="s" placeholder="Search">
<button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
</svg> Search</button>
<div class="c-site-search__overlay"></div>
</form>
Text Content
InfoSec Insider
3 TIPS FOR FACING THE HARSH TRUTHS OF CYBERSECURITY IN 2022, PART I
Author: Sonya Duffin
February 9, 2022 4:06 pm
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.
Be forewarned—I’m about to lay down some harsh truths here. First, ransomware is prevalent, and there is no way to completely eliminate the threat. Second, at this point, you should operate under the assumption that hackers are already in your systems or could easily access them at any moment.
It should come as no surprise when I tell you that the sophisticated cybercriminals behind today’s ransomware threats have been consistently getting past even the best frontline security — and for a while now. Third, cybercriminals may know your systems and infrastructure better than you do. Once in, their strategy is to lay low and remain hidden while they learn as much as they can. Then they strike at the optimal time to inflict as much damage as possible to ensure a hefty payday.
So now what? The good news is that there are practices and technologies that can help you detect threats before the bad actors can take action. There are also strategies that you can use to reduce your attack surface while preventing large-scale disruption and disablement once they are inside your environment.
With that in mind, this two-part series will outline the top six steps you should take right away to ensure resiliency in the face of this ever-present threat. Let’s begin with the first three.
GET FULL INFRASTRUCTURE AWARENESS
Attackers are looking for your weakest links, and the dark corners where there may be limited security and oversight in your environment. So, it’s vital to implement tools that provide full infrastructure awareness by shining a light on all the dark data in your environment. According to the recently published Veritas Vulnerability Lag research (PDF here), 35 percent of data is still dark. That is alarmingly high. Get to work on knowing what data you have and where it is ASAP.
Important reminder: In addition to full visibility of everything in your environment, it is also vital to have clear hard-copy documentation on the details of your environment, like procedures and configurations—including IP addresses, passwords etc.—to help aid with recovery. Missing these details can keep you and your team from being able to quickly recover in the chaos of an attack. Store these in a safe that is checked and updated regularly.
AUTOMATE ALERTS FOR ANOMALOUS BEHAVIOR
Implement tools that can provide you with detection of anomalous behaviors or activities associated with both data and user activity across your entire environment. It’s important that the detection capabilities can run autonomously, without the need for manual steps. Alerting your teams to anything anomalous or out of the ordinary will provide you with the upper hand, and a chance to act before the cybercriminals or a malicious code attack.
This could be things like unusual file-write activity that could indicate an infiltration, but it could also be detecting known ransomware file extensions, file access patterns, traffic patterns, code downloads, access requests, storage capacity surges, external traffic paths or even an unusual jump in activity compared to individuals’ typical patterns.
For example, in the infamous SolarWinds hack, hackers used a regular software update to slip some elegant and innovative malicious code into a multitude of companies’ networks, using the SolarWinds software. For more than nine months they roamed around high-profile and sensitive companies, hiding in plain sight while learning their systems and gathering intelligence. Their mistake came when they started roaming around the cybersecurity company FireEye.
The security team at FireEye noticed suspicious activity — someone trying to register a second phone onto the company network. Finding it odd that an employee would have two phones, they jumped into action and called the user. Surprise! That user did not register that phone and had no idea who did. Thanks to the vigilance of FireEye, which investigated out-of-the-ordinary activity, the broader intrusions came to light.
Important reminder: Conduct cyber-threat hunts regularly. Take it seriously and implement protocols for investigating anomalous behaviors. Hire a third-party agency to audit your strategy, check your work and find vulnerabilities.
LIMIT ACCESS & REDUCE YOUR ATTACK SURFACE
After sneaking into your environment, cybercriminals often search for confidential information or login credentials that will allow them to move laterally across your environment. This means that they can also gain access to your backup systems and will attempt to eliminate recovery options. There are a few things that you can do to help mitigate this practice:
1. For starters, limit what and where each set of credentials can operate, and have different passwords for every domain.
2. Make sure that there is not one god-admin that can do everything.
3. It is also important to lock down or limit executives’ access, as they are often easy targets.
4. Just as important, limit admin access and privileges, especially to backups.
5. Another common practice is to implement zero-trust approaches with multifactor authentication (MFA) and role-based access controls.
6. Also vital is to segment or microsegment your network into multiple zones of smaller networks and ensure access is managed and limited, especially to your most crucial data.
7. Many organizations are also moving towards a just-in-time security practice where access is granted on an as-needed basis or for a predetermined period of time, which is something to consider for crucial and business-critical data.
By building a variety of barriers, bad actors will be contained and prevented from moving around your environments. They are essentially stopped in their tracks. So, get creative—meaning, set up a system unique to your needs and security requirements.
When the Metropolitan Transportation Authority of New York was hacked last April, attackers did not gain any access to systems that control train cars nor was any customer information compromised. Why? Because they have a multilayered, segmented network of more than 18 different systems, only three of which were compromised.
Thanks to this great system, the threat actors were prevented from moving throughout the system, the event was isolated and systems were restored quickly.
Important reminder: Create a walled-off network that looks exactly like your production network, but with different management credentials. Share nothing with your production networks except access to immutable storage. You can use this space to recover your data and services and scrub your data of malware. It is also a great place to test recovery.
Stay tuned for part two in this series, where I’ll cover the remaining three of the top six steps you should take today to ensure ransomware resiliency in today’s rapidly evolving cybersecurity landscape.
Sonya Duffin is a ransomware and data protection expert at Veritas Technologies.
Enjoy additional insights from Threatpost’s Infosec Insiders community by visiting our microsite.