This past weekend the Department of Homeland Security (DHS) warned American businesses that Iran is stepping up its attacks on corporate targets here in the U.S. The new rise in malicious activity is alleged to be part of Iran’s response to American cyber attacks on that nation’s missile launch systems.
Escalating tensions in the Middle East are frightening enough without the added twist of American companies, including small to mid-sized businesses (SMBs), becoming targets themselves.
What’s more, standard antivirus and recovery from backup may not be useful against these attacks. In the past, Iran has deployed viruses that render computers completely inoperable, perhaps most spectacularly in the case of Saudi petrochemical company Aramco.
Government agencies and huge defense contractors can afford large dedicated security teams and intrusion detection infrastructure, but what is an SMB to do?
Two Main Vectors For The Attacks: Stolen Credentials and Phishing Emails
Before we discuss solutions, we need to examine the problem in greater detail.
First and foremost, we all need to accept that there’s no such thing as security through obscurity anymore. Attempting to secure your business by flying under attackers’ radar has always been an uncertain strategy, and it’s especially risky in this era of automated attacks.
The second thing to understand is that there are two main vectors for these kinds of attacks—email and credential stuffing.
Email has been a popular virus delivery route for many years. Spam filters stop obvious malware, but increasingly sophisticated phishing attacks are making it through the filters.
In a credential stuffing attack, the attacker buys stolen usernames and passwords and then tries to use them with other services.
Many people continue to use the same password or similar passwords for their entire online existence, both personal and professional. This puts corporate networks at risk when a data breach at an online retailer gives attackers millions of usernames and passwords to try.
An expert in one article I read estimated that as much as 90 percent of remote login attempts on a corporate network can be stuffed credentials.
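What separates stuffed credentials from an employee mistyping their own password is the pattern per source: many distinct usernames, almost all failing. The Python script below is an added example, not code from the original post; it scores constructed remote-login log lines, and the log format (`src=… user=… result=ok|fail`) and the thresholds are assumptions you would tune to your own VPN or SSO logs.

```python
"""Flag likely credential-stuffing sources in remote-login logs (added example)."""
import re
from collections import defaultdict

# Constructed sample log lines in an assumed format; not real traffic.
SAMPLE_LOG = """\
2019-06-24T08:01:02Z src=203.0.113.5 user=alice result=fail
2019-06-24T08:01:05Z src=203.0.113.5 user=alice result=ok
2019-06-24T08:02:10Z src=198.51.100.7 user=alice result=fail
2019-06-24T08:02:11Z src=198.51.100.7 user=bob result=fail
2019-06-24T08:02:12Z src=198.51.100.7 user=carol result=fail
2019-06-24T08:02:13Z src=198.51.100.7 user=dave result=fail
2019-06-24T08:02:14Z src=198.51.100.7 user=erin result=ok
2019-06-24T08:02:15Z src=198.51.100.7 user=frank result=fail
2019-06-24T08:05:00Z src=192.0.2.9 user=bob result=ok
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)")


def parse_log(text):
    """Yield (src, user, success) per line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["user"], m["result"] == "ok"


def find_stuffing_sources(text, min_users=5, max_success_rate=0.2):
    """Return {src: stats} for sources that spray many distinct usernames and
    mostly fail. A single user retrying one account (203.0.113.5 above) is not
    flagged; a source cycling through a stolen list (198.51.100.7) is."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "ok": 0})
    for src, user, success in parse_log(text):
        s = stats[src]
        s["users"].add(user)
        s["attempts"] += 1
        s["ok"] += int(success)
    flagged = {}
    for src, s in stats.items():
        rate = s["ok"] / s["attempts"]
        if len(s["users"]) >= min_users and rate <= max_success_rate:
            flagged[src] = {"distinct_users": len(s["users"]),
                            "attempts": s["attempts"],
                            "success_rate": round(rate, 2)}
    return flagged


if __name__ == "__main__":
    for src, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(f"{src}: {info}")
```

The one flagged source shows one successful login among six usernames tried, which is exactly the case where MFA on the remote login would have stopped the stolen password from being enough.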
How to Reduce the Risk of Stolen Credentials with MFA
Let’s attack the easier problem first—remote login using stolen credentials.
As DHS noted, multi-factor authentication is a “basic” defense. We’ve written about MFA previously, so I won’t go into great detail here, but the key point is that the requirement of a second factor prevents someone from logging into your systems remotely with stolen credentials.
You also should set corporate IT policies that require your employees to use different passwords for their corporate accounts than they do for their personal services. This will reduce the likelihood that credential stuffing will succeed on your corporate systems.
How to Reduce Phishing Attacks That Deliver Malware
Malware delivered by phishing emails is a greater challenge, but there are some low-cost/no-cost basic steps that you can take to reduce this risk.
- Remove local administrative rights from your users. It may mean that they cannot install a piece of software without the assistance of your IT team, but it also means that a virus can’t be installed easily.
- Train your users to recognize phishing messages. Whether you use a free service or a more advanced paid solution, make sure that you’re sending out trainings at least once each month. Nobody gets good at any activity, physical or mental, with just one exercise, and we need to give our users enough exposure to simulated phishes and training to enable them to improve.
- The third solution provides better protection, but is more costly (though downright inexpensive compared to the cost of wiped computers). An advanced endpoint protection solution like Cylance, SecureOne, CrowdStrike, or Carbon Black will prevent malware from running on a computer and provide important notification that something is amiss.
Confused or concerned that your security solutions aren’t up to the challenge? Book a complimentary risk assessment with our in-house security expert.