Surviving a Digital Pearl Harbor

  • February 20, 2020 - by Synoptek

In 2002, cybersecurity pioneer Winn Schwartau coined the phrase “Electronic Pearl Harbor” to describe the potential for an event that could compromise the operations of critical infrastructures across large areas of an organization, community, state or nation. In the closing weeks of 2019, the “Season of Giving” was in full form for cybercriminals, and the increase in ransomware attacks has not slowed since. For many organizations a Digital Pearl Harbor has become a reality, as they fight to stay ahead of the problems that invite greater risk. Since the start of the new decade, this nefarious gift that keeps on giving has produced an alarming number of successful attacks against U.S.-based corporations (more than 600!). Of these attacks, nearly 500 targeted healthcare providers, another 68 targeted public institutions, and 62 were focused on school districts, according to the National Law Review.

Cybercrime is not only expensive; it and related activities pose additional problems for businesses everywhere. Detecting a cyber-event continues to become more challenging, with the average discovery-to-resolution taking nearly six months (170 days), according to the Ponemon Institute. Moreover, no industry is immune, and the sector determines which “Crown Jewels” the bad guys are pursuing. Further to Ponemon’s research, the average annualized cost of cyber-crime incurred by a benchmark sample of U.S. organizations was $12.7 million, which represents a staggering 96% increase over the past five years (during the time of the study).

As a result, organizations experienced a 176% increase in the number of cyber-attacks, with an average of 138 successful attacks per week, compared to 50 attacks per week when the study was first launched 10 years ago. According to the University of Maryland study on cybercrime, hackers now attack a computer somewhere in North America every 39 seconds, and ransomware is becoming central to the “Art of the Steal” for acquiring and exploiting protected information.

The EternalBlue and BlueKeep ransomware exploits, for example, are hacker tools allegedly designed by and stolen from the National Security Agency, which can be weaponized to enable even more aggressive ransomware attacks like WannaCry and NotPetya. The NSA advisory presented the same mitigation approaches recommended to defend against other BlueKeep exploit types: disabling Remote Desktop Services where possible, blocking port 3389, and enabling Network Level Authentication (NLA), as practical steps within a broader security strategy.

More criminals are expected to shift to ransomware because they can now buy ready-made ransomware software from super hackers. These toolkits make it possible for anyone with basic computer skills to launch sophisticated attacks. The good news is that vigilance and focus are key to reducing the threat footprint and lowering the chances of impact from such an event. Below are a few safety tips to consider when looking at your computing infrastructure and keeping vigilance over the important assets of your business.

One thing that might give people some comfort is that many of the flaws exploited in these attacks are known vulnerabilities. This means that if you run any sort of computing infrastructure, you likely have the opportunity to prevent most of these attacks from succeeding before they can be deployed against your systems.

It is important to prepare your defense so you can respond quickly and effectively during an attack, and remediate and restore where necessary after one. The first and most cost-effective remedy is prevention.

What This Means for You: 5 Things to Consider:

  1. First & foremost: Do any of your operations have Windows devices that are vulnerable to BlueKeep / CVE-2019-0708? Maintaining operations with unpatched vulnerable devices is a time bomb waiting to happen.
  2. Patch Patch PATCH! … And temporarily disable Remote Desktop Protocol (RDP) when and where your operations do not see it as an essential aspect of connectivity. If your organization runs a supported version of Windows, update your devices. If you are still using unsupported Windows XP or Windows Server 2003, download and apply the patches ASAP.
  3. Ensure RDP is properly configured. If an organization is required to use RDP, avoid excessive Internet exposure by limiting remote access to devices on the LAN only, or by accessing them via a VPN. (Organizations can also use a firewall to filter RDP access by whitelisting a specific IP range.)
    • NOTE: Using multi-factor authentication (MFA) can also improve the security of remote sessions.
  4. Enable Network Level Authentication (NLA). Enabling NLA can partially mitigate certain malware vulnerabilities, because the target user is required to authenticate before the remote session in which the flaw is exploited is established.
  5. Initiate a multi-faceted IT security solution. Detecting vulnerabilities such as these advanced malware attacks, or managing patching tasks, is no small task, especially for geo-distributed enterprise networks. Detailed asset inventories, contextual analysis and network monitoring aid policy adherence and mitigate human error.
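The NSA mitigations quoted earlier and steps 1 through 4 above all come down to a handful of Windows settings: whether RDP is enabled at all, whether NLA is required, which remote addresses the built-in “Remote Desktop” firewall rules accept, and whether the patch is installed. The PowerShell script below is an added example written for this article, not code from Synoptek or from the NSA advisory. It audits those settings on the local host and, only when run with -Harden, applies the recommended changes. The management subnet 10.0.0.0/24 is an assumed placeholder, the script name is hypothetical, and the hotfix ID for CVE-2019-0708 is deliberately left for the operator to supply (-RequiredHotfixId) rather than hard-coded here.

```powershell
#Requires -RunAsAdministrator
# Rdp-Audit.ps1 (hypothetical name) - added example, not Synoptek's code.
# Reports, and optionally hardens, the RDP settings recommended in the post:
#   * disable RDP where it is not essential (step 2)
#   * restrict the "Remote Desktop" firewall rules to a management range (step 3)
#   * require Network Level Authentication (step 4)
#   * report whether an operator-supplied hotfix is installed (step 1)
[CmdletBinding(SupportsShouldProcess)]
param(
    # Set when this host genuinely needs RDP; otherwise RDP is disabled outright.
    [switch]$RdpRequired,
    # Management range allowed to reach TCP 3389 when RDP is required (assumed value).
    [string]$AllowedRemoteAddress = '10.0.0.0/24',
    # Hotfix IDs the operator expects for CVE-2019-0708 on this OS (none hard-coded).
    [string[]]$RequiredHotfixId = @(),
    # Apply changes instead of only reporting them. Supports -WhatIf.
    [switch]$Harden
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# --- Audit -----------------------------------------------------------------
# fDenyTSConnections = 1 means Remote Desktop is disabled.
$rdpDisabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 1
# UserAuthentication = 1 means NLA is required before a session is created.
$nlaEnabled  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1

# Enabled "Remote Desktop" rules whose remote-address filter is still "Any"
# expose 3389 to every network the host is attached to.
$rdpRules  = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
$openToAny = @($rdpRules | Where-Object {
    $_.Enabled -eq 'True' -and
    (($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any')
})

# Hotfix check against the IDs the operator supplied (empty list = not checked).
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$missing   = @($RequiredHotfixId | Where-Object { $installed -notcontains $_ })

[PSCustomObject]@{
    ComputerName       = $env:COMPUTERNAME
    OSVersion          = [System.Environment]::OSVersion.Version.ToString()
    RdpDisabled        = $rdpDisabled
    NlaRequired        = $nlaEnabled
    RdpOpenToAnyRemote = ($openToAny.Count -gt 0)
    MissingHotfixes    = ($missing -join ', ')
} | Format-List

# --- Harden ----------------------------------------------------------------
if (-not $Harden) { return }

if (-not $RdpRequired) {
    # Step 2: RDP is not essential here, so turn it off and close the firewall rules.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable Remote Desktop')) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    }
    return
}

# Step 4: require NLA so an attacker must authenticate before a session exists.
if (-not $nlaEnabled -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require NLA')) {
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
}

# Step 3: whitelist the management range instead of leaving 3389 open to Any.
if ($openToAny.Count -gt 0 -and
    $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Restrict RDP to $AllowedRemoteAddress")) {
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowedRemoteAddress
}
```

Run it once without -Harden to get the report, then with -Harden -WhatIf to see what would change before committing; hosts that must keep RDP are run with -Harden -RdpRequired -AllowedRemoteAddress set to your real VPN or management range. The firewall restriction only narrows the host's own rules, so it complements rather than replaces the perimeter firewall and VPN controls the article recommends, and the 'Remote Desktop' display group name assumes an English Windows installation.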

But making sure everyone is on the same page about where “Security” falls in their priorities is also essential, and that means regular briefings, scheduled trainings and tabletop exercises, which keep teams sharp and focused. This will not necessarily turn everyone into a security analyst, but it does keep people aware of their surroundings, and that might help keep the bad guys from slipping into the harbor and causing serious damage.