Hey Spiceheads,

Some of you may have heard about the recent ransomware attack on a collection of US credit unions. Over 60 of them got hit by a ransomware attack. The tech company they all used, Ongoing Operations (which redditors found terribly ironic), got hacked. Thankfully there was no monetary value stolen, which would have been up to $250K.

The tech pros think it was this Citrix Bleed glitch that let the hackers in. So far, it looks like any personal info is okay (phew!) but places like Mountain Valley Credit Union in New York are in fix-it mode right now.

But incidents like this just beg the question of how we can battle cyber attacks like this? Especially in regards to the financial sector, which is obviously one of the highest targets of these attacks.

From this I wanted to ask: what are the Spiceworks community IT pros' best tips and tricks for battling these attacks? Are there any best practices that you love? Any products that have saved your bacon? Let me know down below, and for anyone interested you can read the article regarding the above attack here

Stay safe out there!

18 Spice ups

Patch your sh*t.

Scan network daily for inventory of gear and vulnerabilities so you know what to patch and what is exposed.

Pay attention to places that announce new vulnerabilities, such as Spiceworks. My SOC provides a newsletter that informs us of major news events, like the discovery of Citrix Bleed so that we can take corrective action.

Have secure backups.

Use MFA. Use MFA to prevent initial access. Use MFA to help prevent and identify lateral movement.

4 Spice ups
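The reply above pairs a daily inventory scan with watching advisory feeds so you know what to patch and what is exposed. The piece in between is the triage: joining the inventory against the advisory's affected version ranges and putting Internet-facing gear at the top of the list. The script below is an added example, not the poster's tooling; the product names, version ranges and the advisory id `ADV-EXAMPLE-1` are constructed placeholders, and it assumes the inventory has already been collected into a list of assets.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool  # exposed systems get patched first


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    # (first affected version, first fixed version) per release branch;
    # the lower bound is inclusive, the fixed version is exclusive
    affected_branches: tuple


def vtuple(version: str) -> tuple:
    """Turn '13.1.48' (or '13.1-48') into (13, 1, 48) for ordered comparison."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """True when the asset runs a version inside one of the advisory's affected ranges."""
    if asset.product != adv.product:
        return False
    v = vtuple(asset.version)
    return any(vtuple(lo) <= v < vtuple(fixed) for lo, fixed in adv.affected_branches)


def triage(assets, advisories):
    """Return (host, advisory_id, priority) for every vulnerable asset:
    Internet-facing systems are P1, everything else P2, sorted P1 first."""
    hits = []
    for asset in assets:
        for adv in advisories:
            if is_affected(asset, adv):
                prio = "P1" if asset.internet_facing else "P2"
                hits.append((asset.host, adv.advisory_id, prio))
    hits.sort(key=lambda h: (h[2], h[0]))
    return hits


# Constructed sample data: product names, versions and the advisory id are placeholders
INVENTORY = [
    Asset("gw-edge-01", "ExampleGateway", "13.1.48", internet_facing=True),
    Asset("gw-lab-02", "ExampleGateway", "13.1.49", internet_facing=False),  # already on the fixed build
    Asset("gw-dc-03", "ExampleGateway", "12.1.10", internet_facing=False),
    Asset("fs-01", "ExampleFileServer", "2.0", internet_facing=False),       # not covered by the advisory
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-1", "ExampleGateway",
             (("13.1.0", "13.1.49"), ("12.1.0", "12.1.55"))),
]

if __name__ == "__main__":
    for host, adv_id, prio in triage(INVENTORY, ADVISORIES):
        print(f"{prio} {host}: patch for {adv_id}")
```

The version comparison is deliberately simple (integers in order of appearance), which is enough for dotted or dash-separated release numbers; a product with letter suffixes or build strings needs its own comparator before this is trusted for that product.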

As much as Citrix charges, you'd think they would be financially responsible for some of this. But it is still up to the company that uses their product to fix what happens.

1 Spice up

Being a bank, you'd think their IT teams would be more focused on security and mitigating the risk for anything publicly facing. I would think there should be some hefty fines coming their way.

5 Spice ups

I would recommend a layers-on-layers approach like an onion!

1 Spice up

Cold Storage - twice… xD

Considering recent ransomware incident targeting US credit unions, a proactive strategy entails conducting daily scans for network vulnerabilities. IT teams must give precedence to security efforts, concentrating on minimizing risks linked to public-facing components. The increasing sophistication of ransomware attacks demands a stronger and more strategic counteraction. Underscoring the significance of data backup has become imperative to fortify resilience against advancing and refined cyber threats.

1 Spice up

Given that it wasn't the credit union's stuff that was attacked, but rather one of their key technology suppliers, there's not a whole lot to be done in this instance, unless you want to either scan your supplier's public infrastructure, or get reports on it. Probably need some higher-level agreement on what the supplier will do to maintain security. Heck, we're getting these questionnaires ourselves before some companies will do business with us.

3 Spice ups

Working in finance…yes, patch religiously, and maintain MANY layers of security, don’t manage your network perimeter yourself, but pay someone boatloads of money to do it (cause they know how to do it better than you do) and MONITOR EVERYTHING ALL THE TIME.

It kills me when these companies come out and say they’ve had the bad guys in their network for 6 months and they didn’t know it…someone is NOT paying enough attention!

2 Spice ups

Simplify, simplify, simplify. Vendors want to push these complicated "solutions" that just cost money and don't really help operations at all. Commerce got by without computers for centuries but now we can't blow our noses without an Internet portal. It's just crazy.

1 Spice up

I agree with most of what you are saying, but making banking options that work for people is a good thing. It is a cost vs risk thing that I don’t think many banks think about or take seriously. They are of the mindset that they have insurance and paying out for the one off security breach is worth it, customers be damned.

Exactly, and 6 months is only the average time bad actors spend in a network; sometimes it's even longer, and it's scary to think what they can become capable of with each month they go undetected.

Try to limit third-party vendors having access to your network.

For instance, a lot of companies will use third-party companies to provide phishing awareness training services. And some of these companies will want you to add them to your SPF record and whitelist a bunch of domains and IP addresses - if one can use their own imagination, this can be a potential disaster.

As for me, I use Microsoft's built-in phishing awareness training modules and simulation attacks. Is it as nice and slick as the other competitors? No, but it does the job. I do not need to whitelist any domains or IP addresses.

Also, companies will need to invest in an MDR solution. Companies need round-the-clock, 24/7 monitoring of the network. MDR vendors should be able to ingest logs. If anything flags red then you should be notified.

1 Spice up
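The point in the reply above about vendors asking to be added to your SPF record is easy to lose track of once a few `include:` terms have accumulated. The audit below is an added example, not code from the poster or from Microsoft: it parses a published SPF record, lists every `include:` that is not under one of your own domains (so you can see exactly which third parties are allowed to send as you), counts the DNS-lookup mechanisms against the limit of 10 from RFC 7208, and checks the terminal `all` qualifier. The record and the domain names are constructed; the script assumes you fetch the TXT record yourself and pass it in as a string.

```python
from dataclasses import dataclass, field

# Mechanisms and modifiers that cost a DNS lookup (RFC 7208 section 4.6.4 allows 10 in total)
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")


@dataclass
class SpfReport:
    includes: list = field(default_factory=list)
    lookups: int = 0
    all_qualifier: str = ""          # "-", "~", "?" or "+" on the final 'all'
    findings: list = field(default_factory=list)


def audit_spf(record: str, own_domains=()) -> SpfReport:
    """Parse one SPF record and report third-party includes, lookup count and weak 'all'."""
    rep = SpfReport()
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        rep.findings.append("not an SPF v1 record")
        return rep
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # modifiers use '=' (redirect=, exp=); mechanisms use ':' or stand alone
        if "=" in term:
            name, _, value = term.partition("=")
        else:
            name, _, value = term.partition(":")
        name = name.lower()
        if name in LOOKUP_TERMS:
            rep.lookups += 1
        if name == "include":
            rep.includes.append(value)
            if not any(value == d or value.endswith("." + d) for d in own_domains):
                rep.findings.append(f"third-party include: {value}")
        elif name == "all":
            rep.all_qualifier = qualifier
        elif name == "ptr":
            rep.findings.append("ptr mechanism is deprecated and should be removed")
    if rep.lookups > 10:
        rep.findings.append(f"{rep.lookups} DNS lookups exceeds the limit of 10 (receivers return permerror)")
    if rep.all_qualifier in ("+", "?"):
        rep.findings.append(f"'{rep.all_qualifier}all' lets any sender pass")
    elif rep.all_qualifier == "":
        rep.findings.append("no 'all' mechanism; unlisted senders get a neutral result")
    return rep


# Constructed sample record: example.com is "our" domain, the two other includes are vendors
SAMPLE_RECORD = ("v=spf1 ip4:203.0.113.0/24 include:_spf.example.com "
                 "include:phish-training.example.net include:mail.vendor.example.org -all")

if __name__ == "__main__":
    report = audit_spf(SAMPLE_RECORD, own_domains=("example.com",))
    print(f"{report.lookups} lookups, all={report.all_qualifier}")
    for f in report.findings:
        print("-", f)
```

Each third-party include is a standing grant to that vendor's whole sending infrastructure, so the list this produces is the list to review when a contract ends or a vendor is breached; the lookup count matters because an SPF record that exceeds 10 lookups stops protecting you at all.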

Drop companies like Citrix like the sacks of S they are… They get bought out, cut their security dev staff and don’t care about anything but profit.

Having MULTIPLE 10 CVEs in a single year is unacceptable.

Beyond that, it’s your DR plan. Make it, TEST it, Improve it.

Immutable backups, offsite backups, 3-2-1 is the bare minimum now.

Also having good vendors and knowing who to call when a disaster strikes will save you valuable time.

3 Spice ups
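The reply above boils the DR side down to three things: a tested plan, 3-2-1 copies, and at least one immutable copy. The script below is an added example, not the poster's tooling, and turns those into a check you can run against a backup manifest: it verifies the 3-2-1 counts, insists on an immutable copy (the one ransomware with stolen admin rights cannot encrypt in place), and compares each copy's recorded SHA-256 to the source so a silently overwritten copy shows up before you need it. The dataset, the copy locations and the digests are constructed; a real run would read the manifest your backup software produces.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    location: str
    media: str        # "disk", "tape", "object-storage", ...
    offsite: bool
    immutable: bool   # object lock / WORM / append-only: cannot be changed or deleted in place
    sha256: str       # digest recorded when the copy was written


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_321(copies, source_sha256: str) -> list:
    """Return a list of findings; an empty list means the copy set meets 3-2-1 plus immutability."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, 3-2-1 needs at least 3")
    if len({c.media for c in copies}) < 2:
        findings.append("all copies on one media type")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    if not any(c.immutable for c in copies):
        findings.append("no immutable copy: an attacker with admin rights can encrypt every copy")
    for c in copies:
        if c.sha256 != source_sha256:
            findings.append(f"{c.location}: digest mismatch, copy is corrupt or has been altered")
    return findings


def restore_test(restored: bytes, expected_sha256: str) -> bool:
    """A backup is only proven by a restore that hashes to the original."""
    return digest(restored) == expected_sha256


# Constructed sample: a few bytes stand in for the real backup set
DATASET = b"member-ledger,2023-11-30,balance=100\n"
GOOD = digest(DATASET)
TAMPERED = digest(DATASET + b"\x00overwritten")   # what an encrypted/overwritten copy would hash to

COPIES = [
    BackupCopy("nas-01", "disk", offsite=False, immutable=False, sha256=GOOD),
    BackupCopy("tape-vault", "tape", offsite=True, immutable=True, sha256=GOOD),
    BackupCopy("object-lock-bucket", "object-storage", offsite=True, immutable=True, sha256=TAMPERED),
]

if __name__ == "__main__":
    for f in check_321(COPIES, GOOD) or ["backup set OK"]:
        print(f)
    print("restore test:", "pass" if restore_test(DATASET, GOOD) else "FAIL")
```

The digest comparison is the part that turns "we have backups" into "we have backups that restore": schedule it with the real restore test so a copy that was quietly overwritten is caught while the other copies are still intact.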