Infographic: 6 steps for defending against Ransomware (one-pager)

CYBERSECURITY FUNDAMENTALS

STEPS FOR DEFENDING AGAINST RANSOMWARE

Known vulnerabilities are one of the most commonly used entry points for ransomware exploits. Once inside, attackers target Active Directory (AD) weaknesses to escalate privileges and propagate code across the organization. One of the most effective ways to stop ransomware attacks is to focus on the fundamentals, such as taking a risk-based approach to vulnerability remediation and regularly assessing AD configurations. To help you get started, here are six steps to take for improving your security defenses against ransomware:

STEP 1

SCAN OFTEN, SCAN EVERYTHING

More and more ransomware strains are using software vulnerabilities as the initial attack vector with ransomware groups like REvil/Sodinokibi targeting Oracle WebLogic (CVE-2019-2729) and Pulse Secure (CVE-2019-11510) vulns. These flaws tend to be older and well known, so it's essential to continuously assess your entire attack surface - especially web apps, remote access infrastructure and OT devices - as your environment changes and new vulnerabilities appear.

STEP 2

HARDEN AD TO PROTECT YOUR CROWN JEWELS

Ransomware groups have ditched their custom spreader code used to propagate attacks in favor of a more effective technology already present in organizations: Active Directory. Active Directory (AD) contains the keys to the kingdom with login credentials, configuration settings and access policies for all users, endpoints, applications and servers. You need to ensure that AD is void of critical misconfigurations that would allow attackers to deploy their payload throughout IT systems and end-user devices.

STEP 3

DE-ESCALATE PRIVILEGE ESCALATION

Just as antimalware software scans Windows for unusual files and processes, it is important to monitor AD for unusual activity. With the right intelligence, AD changes, Syslog changes and Windows event logs can be correlated to reveal misuses of privileged accounts and active misconfiguration exploits. Augmented with this technology, incident response teams can proactively stop ransomware attacks from spreading via AD. Integrate this data with your SIEM to collect information forwarded from the Windows Server event logs and other systems.

STEP #4

PRIORITIZE USING PREDICTION

You cannot patch everything, and the good news is that you don't have to. Take advantage of real-time threat intelligence to understand the latest attack paths used by ransomware groups and guide your remediation strategy. But that's not all. Vulnerabilities targeted by ransomware exploits tend to cluster around specific types of weaknesses and asset categories. This allows savvy defenders to predict which vulnerabilities will likely be exploited in ransomware attacks and proactively address them before there is a business impacting event.

STEP #5

REMEDIATE LIKE YOUR ORGANIZATION DEPENDS UPON IT

Too often, vulnerabilities targeted for remediation are never fully remediated. While security teams are responsible for detecting and prioritizing vulns, patching them is the responsibility of IT operations and developers who speak a different language and have different goals. It's more important than ever that your Risk-based Vulnerability Management solutions integrate with your ITSM and ticketing systems to automate workflows, correlate vulnerabilities with patches, and verify that all instances of a vulnerability have been patched or remediated by a compensating control.
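
One way to run the verification described in Step 5, as an added example (not part of the original infographic and not any vendor's code): after a rescan, flag tickets that were closed while the vulnerability is still open on an asset with no compensating control. The record layout, asset names and ticket ids are constructed assumptions; the two CVE ids are the ones named in Step 1.

```python
from collections import defaultdict

# Constructed sample data (not real scan or ITSM output); asset names and
# ticket ids are hypothetical.
RESCAN_FINDINGS = [
    {"asset": "weblogic-01", "cve": "CVE-2019-2729", "state": "fixed"},
    {"asset": "weblogic-02", "cve": "CVE-2019-2729", "state": "open"},
    {"asset": "vpn-edge-01", "cve": "CVE-2019-11510", "state": "fixed"},
    {"asset": "vpn-edge-02", "cve": "CVE-2019-11510", "state": "open"},
]
TICKETS = [
    {"id": "CHG-1001", "cve": "CVE-2019-2729", "status": "closed",
     "compensated_assets": []},
    {"id": "CHG-1002", "cve": "CVE-2019-11510", "status": "closed",
     "compensated_assets": ["vpn-edge-02"]},  # e.g. isolated behind a control
]


def unverified_closures(findings, tickets):
    """Return {ticket_id: [assets]} for closed tickets whose CVE is still open
    on at least one asset that no compensating control covers."""
    open_assets = defaultdict(set)
    for f in findings:
        if f["state"] == "open":
            open_assets[f["cve"]].add(f["asset"])
    gaps = {}
    for t in tickets:
        if t["status"] != "closed":
            continue  # work still in progress, nothing to verify yet
        remaining = open_assets[t["cve"]] - set(t["compensated_assets"])
        if remaining:
            gaps[t["id"]] = sorted(remaining)
    return gaps


def untracked_cves(findings, tickets):
    """Return CVEs that have open instances but no remediation ticket at all."""
    ticketed = {t["cve"] for t in tickets}
    return sorted({f["cve"] for f in findings if f["state"] == "open"} - ticketed)


if __name__ == "__main__":
    for ticket_id, assets in unverified_closures(RESCAN_FINDINGS, TICKETS).items():
        print(f"reopen {ticket_id}: still vulnerable on {', '.join(assets)}")
    for cve in untracked_cves(RESCAN_FINDINGS, TICKETS):
        print(f"no ticket for {cve}")
```
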

STEP #6

MEASURE TO IMPROVE YOUR GAME

Successful teams take time to reflect on how they are performing, and security is no different. This requires developing key metrics to measure and communicate how your operational controls are working (or not working) and benchmarking data to compare performance across internal groups or externally against your peers. Metrics should cover foundational cyber hygiene practices such as your assessment capabilities, remediation speed and overall cyber risk reduction.

HOW TENABLE HELPS

See how Tenable.ad predicts the Active Directory flaws ransomware will leverage to deploy code across your entire organization and detect indicators of attacks in real time.

Speak with us today about your project: US 770-606-8442 | CAN 416-410-5599

sales@complytec.com

MORE INFORMATION

See how Tenable.ep helps predict IT flaws ransomware will leverage to disrupt your business and measure how effective you are at addressing them.

