Technical Support: 412-349-6678 | Incident Response

Offense vs. Defense: Who’s Winning the Race for Cybersecurity?

Cybersecurity - offense v. defense

There is a constant race between both defenders and attackers of cybersecurity, and winning it is crucial to the stability of your business.

Criminal gangs find success by exploiting weaknesses. Thankfully however, they can be countered.

As new vulnerabilities arise, the four fundamentals of successful defense remain the same: stay informed, patch when available, use multiple layers of protection, and monitor for attacker activity.

As U.S. and foreign governments begin striking back against cybercriminals, hackers are launching attacks with mounting pressure.

With this in mind, businesses must take whatever steps they can to slow down a variety of threats.

Attackers Simply Move Faster

A key aspect to consider is a realistic evaluation of your organization’s ability to maintain the on-prem Exchange servers. 

Start with the question: how long does it take to test and implement the patches on the servers when Microsoft releases critical patches for an Exchange Server, such as the one patched in early September ? 

Moving to Microsoft 365 pushes the patching and infrastructure maintenance burden onto Microsoft. That said, how much time and money will be saved if you can lighten the burden for your IT team? 

Any organization considering a migration to Microsoft 365 needs to work with its IT team and/or IT vendor to quantify the cost spent on software maintenance, as well as the hardware for the servers.

If this is not something currently measured, implement a tracking system for a quarter or two, then check.

Cybersecurity Executive Order
U.S. Government Issues Cybersecurity Executive Order as Attacks Continue - Read More Here

Ransomware Developments

Recently, the French insurance giant, AXA, announced they will stop reimbursing ransomware payments.

Following the announcements, their offices in Thailand, Malaysia, Hong Kong and the Philippines suffered an attack from the Avaddon ransomware gang.

Earlier in the month, both the FBI and the Australian Cyber Security Centre (ACSC) had warned that this gang was targeting manufacturing, healthcare, and other specific sectors.

Avaddon extracts data in order to add pressure, but they also threaten to deploy distributed denial-of-service (DDoS) attacks. These attacks make recovery even more difficult for the victim.

However, DDoS attacks are a common problem, and most organizations should be able to fight off this angle of attack.

Another ransomware gang, MountLocker, is more difficult to counter, however. This is due to a worm feature that incorporates the Windows Active Directory (AD) Service Interface’s API.

Companies cannot simply block basic Windows functions, so instead they must actively monitor AD queries to catch this attack in action.

Easy Ransomware Defense

Fortunately, some hackers provide an easy-to-implement ransomware defense – installing foreign-language packs.

In an effort to avoid upsetting the government where they operate, before executing their ransomware software they first check the installed language packs.

If the software detects Russian or a handful of other former Soviet Union languages installed on the machine, the malware will abort.

While it isn’t be a practical solution for every organization, installing language packs certainly provides a low-effort and low-cost option for security.

Governments Strike Back

To compliment executive orders issued earlier this month, the U.S. Congress introduced five bipartisan bills designed to strengthen the U.S. against cyberattacks.

One bill even authorizes a $500 million grant program to improve security infrastructure for state, local, tribal, and territorial governments.

It takes time for these laws to be ratified, so in the meantime, the FBI is actively coordinating with foreign governments to take down major threats.

Earlier this year, the FBI joined the Netherlands, Germany, the UK, and others to seize the servers running the Emotet botnet.

The widespread botnet had provided the backbone of operations for several criminal activities, including spam campaigns and ransomware attacks.

Following the seizure, the FBI released 4 million compromised email addresses used by Emotet to the HaveIBeenPwned website. This website provides a simple, centralized resource to check if user data has been leaked or compromised.

Although the Emotet botnet has been disabled, organizations should check for compromised username and password combinations that may be used in future credential stuffing attacks.

In another major blow to criminals, the DarkSide ransomware gang – responsible for shutting down the Colonial Pipeline and earning $90 million in just nine months – has just been forced to disband. Unnamed “law enforcement agencies” have seized the servers and associated bitcoin funds, forcing the gang to discontinue activities.

Similar scores have also shut down the REvil ransomware gang, and even led to some Russian cybercrime forums completely banning ransomware as a topic.

Why? Because governments are taking notice and taking it seriously, increasing pressure on criminal activities.

Although these are great successes against the ransomware community, as long as it remains lucrative, new gangs of criminals will undoubtedly continue to pop up.

Tailored Defense

As new methods of attack are discovered and created, the need for innovative solutions will always remain.

Criminals continue to evolve, and so too, must defenses against them. The race of offense and defense is a marathon, and continuing the course of security is the only way to win.

The specifics of how to implement security measures need to be tailored specifically for each organization, and often needs updated to match evolving needs. Ideal Integrations provides all of the network design, security in-depth, patching services, and cybersecurity monitoring your organization needs.

Call Ideal Integrations at 412-349-6680 or fill out the form below and we’ll work with your team to find cost-effective solutions that match your needs and resources. Remain prepared for the next wave of cybersecurity attacks to come.

Need a Managed IT Solution For Your Organization? Contact Us!

  • This field is for validation purposes and should be left unchanged.