Are you ready for the new wave of cyberattacks?

More than 1,000 brilliant hacker engineers from a foreign country have worked tirelessly to target SolarWinds, the popular network management software that organizations and government agencies use worldwide. The sophisticated hack exploited the vulnerability of Microsoft Exchange Servers, resulting in many emails being compromised globally.

What is worse, the attack has many other hacking groups jumping on the bandwagon. All want to take advantage of Microsoft Exchange Servers’ vulnerability. Microsoft has released patches and urged Exchange Server users to quickly patch the servers.

The hack’s seriousness has led President Biden to set up an urgent task force to address the problem. However, according to Brandon Wales, the acting director of the U.S. Cybersecurity and Infrastructure Agency (CISA), it will take 12 to 18 months for most of the agencies to rebuild the functions lost or compromised during the attack.

The SolarWinds attack has served as a serious warning that cyber-threats are real and no one is immune. Cyberattacks come in all forms. The hackers’ intent could be to disrupt, as in the case of mass distributed-denial-of-service attacks, to steal valuable data, or for monetary gain.

Ransomware is malware used by hackers to target victims and demand a ransom. Ransomware comes in different flavors such as Ryuk, REvil, RobbinHood, BitPaymer, SamSam, and more. Ransomware encrypts computer files. Next, hackers demand a ransom in exchange for the decryption key. If the ransom payment is refused, the user will never be able to recover the locked files. In March of this year, it was reported that Acer was attacked by REvil for a ransom amount of $50 million. The ransom amount may go higher in the future.

Most recently, a new kind of ransomware, DearCry, has shown up. Up to this point, most ransomware would encrypt the files of a computer system but leave the encrypted files in the same logical sector of the storage drive. However, DearCry encrypts a file and installs it in a different logical sector. What’s more, DearCry also overwrites the original file. The new and more notorious ransomware has now taken advantage of the vulnerabilities of the unpatched Microsoft Exchange Servers to infect more systems and demand ransoms.

How to Counter the Attacks

Cyber-threats are moving targets. As long as there is money to be made and valuable data to be stolen, hackers will be busily inventing new malware. A system that is secure today may not be tomorrow. Corporations, enterprises, and government agencies are constant targets of hackers and they face cyber-threats 24/7. So what can be done?

Much like defense in the military, troops need to be well-trained, equipped with the right gear, and rapidly deployable. To achieve cybersecurity, three basic ingredients are required:

  •  A cybersecurity mindset
  •  The right tools
  •  A counter-cyber-threat process

A Cybersecurity Mindset

To counter the ever-increasing cyber-threats, a new cybersecurity mindset is required. Gone are the days of companies thinking cybersecurity is simply having the IT department occasionally run scanning software, with responsibility for cybersecurity falling entirely on the IT department.

Led by the CEO, CIO, and/or the chief of security, today’s organizations must have a clear vision and resources to fight the onslaught of cyber-threats. The cybersecurity team, whether it is internally staffed or outsourced, needs to be well-trained, well-funded, and ready to deploy at a moment’s notice. The corporate cybersecurity function needs to have high-level visibility and support because hackers wait for no one.

The Right Tools

It is important to have the right technology (system, software, hardware) in place (see “What you need to know” below).

A Counter-Cyber-Threat Process

Modern-day cyber-threats are becoming increasingly alarming. The attacks’ frequency, intensity, and sophistication are growing. To counter the threats, it is critical to have a counterthreat process in place. This process should include the following steps:

  1.  Have an expert-level threat-monitoring and detection function in place. This includes constant monitoring, scanning, hunting for viruses, and flagging suspicious network and system behaviors.

  2.  Establish a secure system architecture design to respond to attacks. When, not if, a breach occurs, the system should block, isolate, and lock down certain functions to prevent further assaults. At the very least, make it as difficult as possible for the attackers. The goal is to keep damage and disruption to a minimum.

  3.  The IT and support team should be well-trained and ready to train other staff members and employees on how to react when a breach occurs. This is not a time to panic but rather to take the necessary steps to do damage control. As with fighting forest fires, the captain always has a plan to fight the fire and prevent it from spreading further.

What You Need to Know

The following important resources are available to help you get ready to fight cyber-threats:

1) Most Effective Cybersecurity Technologies

Achieving cybersecurity can be a complex process with many considerations. The Dark Reading 2020 Strategic Security Survey report surveyed 190 IT and cybersecurity professionals at companies with at least 100 employees. The survey found that the top eight most effective cybersecurity technologies are endpoint protection, next-generation firewalls, VPNs, data encryption, email security/spam filtering, vulnerability assessment/penetration testing, antivirus/anti-malware, and identity management. As shown in the table below, there are many more technology considerations.

New Wave of Cyberattacks Image 2

2) Hardware Security

More and more cybersecurity protection responsibility falls on hardware, including the silicon building blocks. To protect against attacks such as side-channel and Rowhammer, consider security solutions including crypto acceleration, true random-number generators, memory encryption, and secure boot.

3) Security Standards and Compliance

More and more standards organizations, such as the International Organization for Standardization (ISO) and International Society of Automation (ISA), are developing international standards to help organizations and developers fight cybercrimes.

For example, the ISA Global Cybersecurity Alliance (ISAGCA) has recently released the ISA/IEC 62443 Series of Standards focusing on industrial control systems. This is the first of its kind. It provides an overview and guidelines to security professionals in various roles to learn how to protect against threats in the industrial automation and control industry. Additionally, it recommends software patches along with a comprehensive and systematic approach to applying cybersecurity in industrial operations with risk assessment guidelines. Other standards such as the ASIL/ISO 26262, DIS ISO/SAE 21434, SAE’s J3101 (for automotive), and ISO 14971:2019 (for medical) are also available.

Following these standards would greatly enhance the capability of fighting cyber-threats.

4) Support from MITRE

MITRE is a not-for-profit, federally funded R&D group that works with public and private sectors to fight ransomware threats by sharing its cyber-threat knowledge. Its wealth of knowledge includes artificial intelligence, intuitive data science, quantum information science, space security, health informatics, and cyber-threat and cyber-resilience.

5) Cybersecurity in the 5G Era

The benefits of 5G are shared not only by the industry, government, and academia but by cybercriminals as well. As wireless connections are becoming more prevalent and faster, cybercriminal activities will also increase.

5G Americas, an industry trade organization, advocates the advancement of 5G throughout the Americas, providing information such as how to secure 5G-related design and system architecture. The organization recommends a seven-layer approach to threat intelligence with layers ranging from the IP address layer to the unsupervised machine-learning layer. Additional guidelines are available from its “Security Considerations for the 5G Era” white paper. It provides practical help in designing systems in relation to 5G.

6) The IoT Cybersecurity Improvement Act

With all these cyberattack activities going on, the government is taking action to address the issue head on. In 2020, the IoT Cybersecurity Improvement Act was passed. The National Institute of Standards and Technology (NIST) will be developing recommendations for the government on edge computing security, which will help the private sector as well.

7) Implementing a Cybersecurity Plan that Works for You

Everything starts with “zero trust.” If you are an enterprise or a network operator, you cannot trust any network node or device you intend to connect to until it is truly authenticated or verified. If you are a device developer, your device boot ROM needs to be secured with the “root of trust,” in that the boot codes are secure and can never be tampered with by a third party. On more than one occasion, boot ROMs have been infected by malware. Once infected, the hackers’ software is in control after system boot-up, or the malware is in a dormant stage ready for future disruption. Therefore, developing the root of trust correctly is critical. Otherwise, the whole system is compromised. Find the right technologies and/or a reputable third-party consultant to support what you need to accomplish.

Segregating the network is important. When an attack occurs, a segregation-approach design will make it easier to lock down and isolate different segments of the network to prevent further damage.

Conclusion

As discussed earlier, after you have the anti-threat process in place, make sure you conduct the following steps on a regular basis:

  •  Make sure your staff is fully trained on security. They should know how to deal with phishing. Additionally, the staff should know how to carry out the right steps after the system is attacked or breached.

  •  Test existing systems with known malware already on the market to make sure the existing system is secure and rock-solid.

  •  Have a proactive security procedure to constantly monitor unusual system behavior and scan and hunt down potential threats. Also, have a procedure for efficiently updating software patches against malware. It is not unheard of for corporations to take more than a month to install software patches. Taking that long will open up opportunities for hackers to take advantage of known software vulnerabilities, as was the case with the Microsoft Exchange Servers hack.

  •  Do fire drills on a regular basis. Create a cyberattack scenario and have the whole staff go through the exercise as if it is the real thing.

Finally, stay vigilant at all times!

