Authored by Sunil Sharma, Managing Director - Sales, Sophos India and SAARC.
Cyberattacks are becoming increasingly more complex and sophisticated, impacting industries and organizations of all shapes and sizes. What is interesting, is that perpetrators of these attacks are becoming more diverse, ranging from Initial Access Brokers (IABs) to ransomware gangs. Collaboration among these bad actors poses a challenge for detecting and defending against attacks, making it difficult for most organisations to defend against on their own.
A common method often used by attackers to breach networks is the exploit of ProxyShell vulnerabilities in email servers. This tactic involves Initial Access Brokers (IABs) who sell access to other attackers after gaining entry through these vulnerabilities. Shockingly, unpatched ProxyLogon and ProxyShell vulnerabilities were responsible for almost 50% of all analysed incidents in 2021, and attackers continued to use them in 2022. The exploitation of these vulnerabilities by IABs and other attackers can lead to multiple attacks on a single target, thereby making it easier for them to gain access.
It is no secret that cybercriminals are constantly improving their tools and techniques. One example of this is the rise of double extortion ransomware, which involves both data exfiltration and encryption, thereby increasing the potential damage to victims. Furthermore, longer dwell times leave organizations more exposed to multiple attackers and multistage attacks. Between 2020 and 2021, the average dwell time increased by 36%, making it more difficult for organizations to detect and mitigate the effects of such attacks.
In light of this, it is important not to become complacent. Leaders must keep in mind that all organizations are potential targets and no industry is immune to attacks. Any weaknesses or unprotected areas in a network will most likely be found and exploited. To enhance your defence against these threats, here are nine helpful tips:
1. Investigate and patch vulnerabilities
Regularly check your network for potential security weaknesses, such as unaddressed vulnerabilities like ProxyLogon and ProxyShell, as well as any back doors that might have been opened by malicious actors. It is crucial to keep all your software up to date and ensure that all patches are installed correctly to reduce the risk of security breaches.
2. Monitor and respond to threats 24/7
It's important to have the necessary resources, knowledge, and procedures in place to detect and address security threats at all times. Cyber criminals frequently target organizations during low-traffic periods such as weekends, national holidays, and late at night when they believe the chances of being caught are lower.
3. Harden the security of remote access services
To ensure network security is maintained, it is advisable to regularly perform external network scans and secure commonly used remote access tool ports. For devices that require remote management tool access, it is recommended to place them within a VPN or zero-trust network access system that uses multifactor authentication (MFA).
4. Adopt—or at least work toward—a zero-trust network model
Segmentation can greatly aid in enhancing network security. This can be done by isolating important servers and placing them in virtual local area networks (VLANs). Such a move facilitates the implementation of the zero-trust network access security framework, which grants specific network access to each user.
5. Strengthen passwords and implement multi-factor authentication (MFA)
It's important to educate employees on the importance of strong and unique passwords. At the same time, keep in mind that even the most complex passwords can be hacked. Hence, it is advisable to implement multi-factor authentication (MFA) as an extra layer of protection across all access points.
6. Inventory all network assets
To minimize the chances of malicious activities, it is crucial to conduct network scans and physical checks to keep an inventory of all the assets and accounts on your network. This includes identifying all connected computers and IoT devices. Failure to account for unprotected devices can heighten the risk of security breaches.
7. Extend layered protection to all network endpoints
Each network access point presents an opportunity for attackers to exploit. It is not safe to assume that your network is secure since there may be security breaches that have gone unnoticed. Additionally, any open access point can be used by attackers to gain unauthorized access to your system.
8. Ensure correct product configuration
Monitor product configurations regularly to ensure they are current and update security policies as required.
9. Proactively hunt threats with managed detection and response
In today’s threat climate, passively monitoring your systems isn’t enough. An ideal approach is to leverage managed detection and response (MDR) and similar solutions that can proactively identify and neutralize threats before they take hold.