Well-publicized, large cyberattacks have been making headlines lately, including the Sunburst exploit of the SolarWinds Orion Platform and, most recently, the Hafnium exploit of Microsoft Exchange Server. Both of these attacks came from zero-day threats and have impacted organizations globally.
Zero-day is a term that applies to both the vulnerability and the threat. A zero-day vulnerability refers to a software security flaw that is unknown to the developer or one that is known to the developer but doesn’t have a patch in place to fix the flaw. A zero-day threat, or attack, is an attack that hasn’t been seen before and exploits this vulnerability.
In December 2020, FireEye publicly reported that malware (named Sunburst) had been installed on its internal systems through trojanized SolarWinds Orion software updates. However, it was quickly discovered that the malware had spread far beyond FireEye. The Sunburst attack caused a breach of approximately 18,000 systems across the globe, with many of those affected still not sure what the final impact will be.
This highly publicized event affected such prominent agencies as the Department of Homeland Security and parts of the Pentagon. Attackers also gained access to fundamental systems of more than 425 companies in the Fortune 500, all of the top 10 US telecommunications companies, and five branches of the US military.
More recently, Microsoft was the target of four zero-day attacks that are estimated to have affected at least 30,000 businesses and government agencies. The attack targeted vulnerabilities in versions of on-premises Microsoft Exchange Servers across the US and was likely orchestrated by the highly skilled and sophisticated actor Hafnium, a state-sponsored advanced persistent threat (APT) group from China.
On March 2, Microsoft released patches to address the four vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). However, there is concern that companies are not applying them fast enough and that the number of victims will continue to grow.
As these types of attacks become more common, prevention becomes more crucial, and companies must take proactive measures to ensure their business, employees and critical data are protected. By following the prevention and security best practices listed below, you can increase your network security.
Keep systems up to date
Cyberattacks are always evolving, therefore, the solutions not only need to keep evolving, they also need to stay ahead of bad actors. That is why it is imperative to keep systems such as antivirus software up to date. Yesterday’s version may not protect against tomorrow’s threats.
Subscribe to principles of Zero-trust Networking
Zero-trust strategies are an initiative to protect digital environments based on the key principle that no access is granted at all unless it is specifically and deliberately given. This principle is applied to both users and devices.
At its core, zero-trust uses micro-segmentation to break up security perimeters into small zones to create separate access points for separate parts of the network. While access may be granted to one zone, access to other zones will require separate authorization. Policies are often set to give users the least amount of access needed to complete a task.
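The zone-by-zone, default-deny decision described above, as an added illustration (not code from the original post or from Untangle). The zone names, users and device identifiers are constructed for the example; a grant to one zone never implies access to another, and device enrollment and a verified second factor are checked as separate conditions.

```python
"""Default-deny zone access check in the spirit of micro-segmentation.
Constructed example: zones, users and device ids are hypothetical."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Session:
    user: str
    device_id: str
    mfa_verified: bool  # second factor completed for this session


@dataclass
class ZonePolicy:
    # Each zone lists exactly who may reach it; anyone not listed is denied.
    grants: dict[str, set[str]] = field(default_factory=dict)   # zone -> users
    trusted_devices: set[str] = field(default_factory=set)      # enrolled device ids
    mfa_zones: set[str] = field(default_factory=set)            # zones requiring MFA

    def decide(self, session: Session, zone: str) -> tuple[bool, str]:
        """Return (allowed, reason). Every rule must pass; the first failing
        rule explains the denial, and an unknown zone is denied by default."""
        if zone not in self.grants:
            return False, f"unknown zone {zone!r}: default deny"
        if session.user not in self.grants[zone]:
            return False, f"{session.user} has no grant for zone {zone!r}"
        if session.device_id not in self.trusted_devices:
            return False, f"device {session.device_id!r} is not enrolled"
        if zone in self.mfa_zones and not session.mfa_verified:
            return False, f"zone {zone!r} requires a verified second factor"
        return True, "explicitly granted"


def build_example_policy() -> ZonePolicy:
    # Constructed policy: a finance zone and a separately authorized printer zone.
    return ZonePolicy(
        grants={"finance-db": {"alice"}, "printers": {"alice", "bob"}},
        trusted_devices={"laptop-01", "laptop-02"},
        mfa_zones={"finance-db"},
    )


if __name__ == "__main__":
    policy = build_example_policy()
    alice = Session("alice", "laptop-01", mfa_verified=True)
    for zone in ("finance-db", "printers", "hr-records"):
        print(zone, policy.decide(alice, zone))
```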
Train employees on how to detect phishing attempts
All it takes is one wrong click from a well-meaning employee to compromise company data. Cybersecurity training should start on Day 1 as part of the onboarding process and include detailed information on how to spot a phishing scam. Give employees the practical skills needed to identify possible attacks and to report them to Network Administrators, so they feel knowledgeable and confident. Data breach protection requires all employees across all departments to be fully prepared; an unprepared employee will certainly be a weak link.
Enforce multi-factor authentication whenever possible
As cyberattacks evolve and become more complex, using multi-factor authentication (MFA) adds an additional layer of security. MFA combats human error by requiring more than one piece of evidence that the user is who they appear to be, which prevents cybercriminals from logging into accounts with stolen usernames and passwords alone. A common form of multi-factor authentication is to require a username and password, and additionally ask for a temporary code sent to a trusted device as a further confirmation of identity.
While companies can plan and prepare to prevent a cyberattack, it can still happen. Once a breach has been discovered, it is important to follow these steps to mitigate the impact:
Large data breaches covered by the media can make cyberattacks seem scary. However, knowing what to do before a breach occurs and having a plan in case you are attacked will position your company to survive with minimal impact.
Copyright © 2022 Untangle