Keep these cyberthug holidays marked on your calendar

19.08.2015
It’s no happy day for enterprises when cyber thugs celebrate their favorite ‘holidays’—special days when they attack with even more cunning and fervor. Learn these dates and get ready to respond to the exploitation that comes with them.

To prepare for this day and defend the enterprise against such attacks, investigate the availability of extended support offered by the vendor at a premium. Weigh that cost against an investment in deploying the latest software product or version that replaces the older product. Either of these avenues is going to cost you.

If neither option will fit your budget, consider a refresh roadmap that includes well-supported open-source software for applications where the reward outweighs the risk. This software can be more affordable to update.

Since zero-days can live so long without patches, patching alone is a non-starter in those instances where no patch is available. To defend the enterprise in those instances, be ready to discover and remediate attacks quickly and thoroughly. Companies that offer threat intelligence data points about potential indicators of compromise can arm network defenders with advance warning, says Margee Abrams, director of security solutions, Neustar. You should baseline, harden, and image endpoint devices so that you can immediately reimage them where anomalies appear outside that baseline, adds Abrams.

To prepare for and defend against IDA Pro Wednesday, enterprises should use ample, layered attack mitigations such as network firewalls, IPS, and network segmentation as buffers until the organization can roll out the patches that attackers are reverse engineering, Street explains.

To prepare for these surprises, improve your awareness of data in these dumps. Engage qualified threat research teams that monitor the Internet underground for cyber-criminal activities that may heighten just before a dump occurs, says Lazarikos. When dumps do happen, an incident response plan should be in place to enable the organization to research its environment, coordinating internal and external threat research efforts to gauge the damage as it happens and find the source of the attack using forensics tools and experts, says Lazarikos. Use these resources, law enforcement, and remediation technologies and techniques that should already be in place to bring the event to a speedy close.

“Before We Knew It. An Empirical Study of Zero-Day Attacks in the Real World”, Symantec Research Labs, 2012

To defend against this cyber thug celebration, make sure the security team is on high alert and recognizes that this is a critical time for the business, says Argast. Realize that the criminals don’t necessarily need to use a technological attack vector to create havoc here. “They can also use fake press releases to create false, foreboding news about the company. Monitor social and financial networks for information that may be inaccurate and be ready to respond quickly,” says Argast.

Retail security expert Demetrios Lazarikos, CISO, vArmour, cites these areas of preparation for preventing the attackers from seeing the most profit on these dates. Use data center / IT and security solutions that are non-intrusive and transparent to stakeholders so that the organization can continually see what is going on inside its systems despite its constant embrace of emerging technologies, according to Lazarikos. “Embed IT solutions that align with digital transformation and evaluate these technologies even during the holiday shopping season. This is the best time to evaluate new systems since this is when the most traffic will visit your environment and when cyber criminals are most active,” says Lazarikos.

During tax time, says Lazarikos, remember that the IRS never sends such emails. It will only make contact through the US mail. “If you are a business owner, employee, or executive who received this, email the IRS about it at phishing@irs.gov,” says Lazarikos. Certainly never open it or follow its instructions. Keep and share clear, highly visible, company-wide policies about this.

If you’ve been around, you probably know that attacks ebb and flow. If this seems to happen with your organization around particular dates or events, add them to the list to make yourself especially resilient at these times.

(www.csoonline.com)

By David Geer