Feature by Mr. J. Tate, Chief Intelligence Officer, bits&digits, on Peerlyst.com, published June 2016.
Good, Wonderful, Powerful, Monday Morning!!!
This weekend, I had to drive 45 min to a client’s office, because they were infected with Ransomeware and had NO idea What, When, Why, and Where ransomeware are.
(Also, let me be clear. This client was given my number from a previous client. However, they were NOT a client of mine until yesterday, “post event.”)
So, I get a call around 830 pm from a Ms. X explaining how the “system admin company” had been making changes to the system. And in the TEST account, there was an email which appealed to him. I didn’t have the time or the patience to go into the WHY. But, the Subject was very appealing. Mind you upon arrival, I noted no antivirus, a MCSA style Microsoft patch solution, and 83 other “Critical Flaws” a proper vulnerability assessment would have fixed. I digress.
(SUBJECT)
“BREACH SCAM VICTIMS COMPENSATIONS PAYMENTS”
The NERVE!! Not only are they surgically marketing a service that appeals to the same unaware computer user, they have incentivize it. Now if you are like me, after seeing the “African Country known for scamming” play every trick in the book from a prince in Zamunda to your mother’s brother’s cousin being heir to the throne–I’VE SEEN IT ALL. But this one, this takes the cake. This one in this case was loaded with a URL that was to be downloaded to view the attached Claim.
As it turns out, it was a CryptoWall variant. Short and Sweet. We take 1 hour to do a refresher on Email Filtering and training employees what to expect. Another #NoSecret we try to get our clients to adhere to when creating a Information Security Policy is this:
1. NO HTML in email. I wondered for long time why this was important during my young days with the US Government. If one of the main entry ways for malicious code is via email. LOCK IT DOWN. How do you think services like CheetahMail, or Chimp, are able to inform you of “Link Impressions,” or “time recipient spent reading.” (Called insights. My partner has been teaching me the lingo).
Allowing HTML based email is pretty and cool and neat and etc. In contrast, it puts you at risk and your organization at even larger risks if you allow HTML based emails. Yes, there are ways to implement it without causing impact and feel free to ask here or email me about our Immunize System. (No device needed.)
2. Fine tune your personal SPAM filter and have your System engineer walk you through setting up a Content Trap. (If someone says it’s cost prohibitive, look them directly in their eye and let them know what FREE means). SPAM filters, Mail Routers, Host Based Security Systems all have to be “burned in” so to speak. So when your fine tuning, make sure you capture as much as you can when it comes to “trusted communications.”
3. Mail AV. Not Anti-virus that you sit on your exchange server. I’m talking about a AV specifically for Mail Servers looking in locations traditional AV products will not.
4. Train, Test, Train, Test. If you need a 3rd party to come or conduct a remote Spam and Spear Phishing campaign to identify where your weaknesses are.. Do it. And, a few bucks up front will save you a fortune in the future (or when your trying to obtain your Cyber Insurance claim, but they deny it because you do not have a revolving Information Security Testing Program.) (@bitsdigits, we will give free Assessments if you are a member of Peerlyst — no gimmicks)
5. UPDATE EVERYTHING. When I asked the System Admin about their patch management solution and the response was MBSA, I knew it was going to be a night.
Certainly, these are just a few of the top mitigations that can help. But, seek a professional if you don’t have one already. We are a tech and vendor agnostic firm. Therefore, if you have a question about a consultant, a product, or solution, ENGAGE US. We are always here to help. #NOCharge. Furthermore, we write monthly periodicals illuminating issues our readers want to see. So if the peerlyst community wants to have piece of the pie…
/R
J.
