
Tips to prevent cyberattacks based on new warnings

By Jennifer Mason

Speaking at a quarterly meeting of the Business Roundtable on Monday, President Biden shared a warning with the association of CEOs, representing leading American companies, that digital sabotage against the United States may be imminent. “My administration issued new warnings based on evolving intelligence that Russia may be planning a cyberattack against us,” he said, continuing his strategy of releasing some intelligence information to the public to preempt Russian aggressions.

While likely targets will be critical infrastructure, banks, and energy companies, the President urged all organizations, no matter the size, to take on the responsibility of protecting their assets and securing the privacy of American consumers. “The magnitude of Russia’s cyber capacity is fairly consequential. The federal government is doing its part to get ready, but under US law, the private sector largely decides the protections that you will or will not take in order to protect your sources,” he told the business leaders.

A growing number of Cyberattacks against Retail Organizations

Ransomware criminal groups, many of whom are permitted to operate freely from Russian soil, have shown they do not discriminate when it comes to the type of business they are willing to compromise. The group that reportedly conducted the high-profile Colonial Pipeline attack last May breached the fashion retailer Guess a few months before, according to the online information security and technology news publication Bleeping Computer.

In addition to Guess, coordinated hacks of fashion retailers have included Saks Fifth Avenue, affecting 5 million credit card holders in 2018, and one of the largest security breaches of a single retailer, Target, which could not prevent the exposure of email and mailing addresses belonging to 70 million customers and the theft of 40 million credit and debit card numbers during Christmas of 2013. This cost Target not only the trust of those customers but also an 18.5 million dollar settlement with forty-seven states and the District of Columbia. Even technology-leading Amazon has not been immune. The Wall Street Journal reported that in 2017, third-party sellers operating on the e-commerce giant’s site had their bank deposit information changed by hackers, redirecting tens of thousands of dollars in payments from small businesses.

Employee data is also of value to cybercriminals as demonstrated by the breach of UK-based French Connection, where a minor vulnerability in the company’s back-end system was exploited in 2021, making it possible for the group to steal scans of employee passports and other identification cards. And during a ransomware attack on Moncler this past December, employee data and information relating to suppliers and business partners were held hostage for 3 million dollars, as reported by Bleeping Computer. Moncler refused to pay the ransom demand and found its stolen data published on the dark web.

Prevention, Passwords & Multi-Factor Authentication

Require Employees to create Complex Passwords: Those who watched comedian John Oliver’s infamous 2015 interview in Russia with National Security Agency (NSA) whistleblower, Edward Snowden, will recall their memorable exchange about passwords. “Bad passwords are one of the easiest ways to compromise a system. For somebody who has a very common 8-character password, it can literally take less than a second for a computer to go through the possibilities and pull that password out,” Snowden shared. “The best advice here is to shift your thinking from passwords to passphrases,” he continued. “It can actually be a lot harder to remember a password that has to be thirteen characters or has to have exclamation points, numbers, uppercase and lowercase letters than it is to remember a simple phrase like ‘margaretthatcheris110%SEXY.’” Oliver retorted, “That is a password not even a computer would guess.”

Enable Multi-Factor Authentication: Since a password can be easily compromised, enabling another checkpoint can block a hacker when they reach that second layer of identification. Many business services that require a login, like Gmail, Facebook, and bank accounts, offer 2-step verification. It is important to note that these services need to be manually enabled by entering an email address or phone number where the company can send a one-time-use code that will be requested after an initial password is entered. The federal Cybersecurity and Infrastructure Security Agency (CISA) especially recommends that all remote access to an organization’s network require multi-factor authentication. Passwords across networks should be changed regularly so that previously stolen credentials are useless to malicious actors.

Educate about Phishing Scams: A phishing link accessed from a business email account can compromise an entire company’s network, so it is important to remind employees to evaluate suspicious communications carefully. “Examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust,” the Federal Bureau of Investigation (FBI) states on its webpage about common scams. “Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.”

Keep Software Updated: The White House recommends in a fact sheet about protecting against cyberattacks that companies should deploy modern security tools on computers and devices that continuously look for and mitigate threats. “Most cyberattacks don’t just happen in an instant, there’s activity that leads up to it—researching the victims and scanning for vulnerabilities,” FBI Director Christopher Wray explained at the Detroit Economic Club on Tuesday.

Company cybersecurity or information technology (IT) professionals should be tasked to make sure that all systems and software are patched (updated) and protected against all known vulnerabilities. In a video posted to the White House’s official YouTube channel, Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, explained, “Software and hardware are often full of vulnerabilities. If you quickly patch, you’ve locked your digital doors.”

IT personnel should always look further into any unusual network behavior. Prior to the breach at Target, the New York Times reported that while the company noticed and logged suspicious activity before the attack, it did not follow up on it thoroughly.

Back up files regularly on offline storage devices beyond the reach of malicious actors and test backup procedures to ensure critical data can be rapidly restored in case of a breach. Encrypt data so it cannot be used if it is stolen.

Designate a Crisis-Response Team with defined roles and responsibilities in the event of a cybersecurity incident and even set up exercises to practice a response.

How to respond to a Ransomware Attack

CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting critical assets. In case of an attack, determine which systems were impacted and immediately isolate them. In the event that infected devices are unable to be disconnected from the network, power them down to avoid further spread of the ransomware infection. Document an initial understanding of what has occurred based on an analysis and try to take a system image or memory capture of an affected device. And definitely call federal law enforcement.

At the annual hearing on worldwide threats that took place earlier this month in the House of Representatives, FBI Director Wray stated, “Our field offices are in a position where they can have a technically trained agent at the doorstep of any company that’s victimized within about an hour anywhere in the country.” Wray reminded listeners that time is of the essence in order to disrupt ransomware actors and to have the ability to “claw back and recover the cryptocurrency that’s paid in a ransom.” A new law included in a spending package President Biden signed off on last week requires companies to notify CISA of an attack within 72 hours, and if a company pays a ransom, the agency should be notified within 24 hours.

And despite the example of Moncler’s misfortune when they chose not to pay, it is important to note that a CISA guide on ransomware states that, “Paying ransom will not ensure your data is decrypted or that your systems or data will no longer be compromised. CISA and other federal law enforcement do not recommend paying ransom. In addition, attackers have begun following their ransom demands to decrypt the data with a follow-on extortion demand to keep data private.”

For further resources and information, visit ready.gov/cybersecurity, cisa.gov/shields-up, and fbi.gov/investigate/cyber.
