This Month in Cyber Security - February 23, 2021 Bruce Ward
Agenda
A. Is the Water Safe? – the compromise of the US Water Treatment Facility – what happened and what can we learn?
B. Ransomware – Who are the players, What do they want, Where will they target, When will they strike, and How will I be victimized? We’ll pair up a few doses of prevention with a few doses of response, leveraging our Ransomware Guide and experience responding to dozens of events in the last year.
C. EOS – several key elements of your network have just gone End Of Support. What does it mean and what should you do?
Indicators of Compromise in Office 365
- Foreign Logins
- Mailbox Forwarding
- RSS Feed Folder Usage
- Mailbox Auditing Bypass
- Admin Audit Logs
SolarWinds – What to Do Peters, Jan 17, 2021
Ransomware Peters Ransomware Guide, Feb 22, 2021
Ransomware Who?
Owners, Developers, Operators, Affiliates
InfoRisk Today, Feb 2, 2021
Ransomware InfoRisk Today, Feb 2, 2021
Ransomware What? InfoRisk Today, Feb 2, 2021
Ransomware Peters Ransomware Guide, Feb 22, 2021
Ransomware How? InfoRisk Today, Feb 2, 2021
[Diagram: ACME Network, Office 365, Azure, Internet]
Identity
“0.5% of Azure Active Directory accounts as used by Office 365 are compromised every month.” – Microsoft
“If an account is compromised, there's a 99.9 per cent chance that it did not have MFA [Multi Factor Authentication].” – Microsoft
The Register, March 5, 2020
Authentication Password REPLAY Password SPRAY Password PROVIDED 1000 Users Guess Reuse Phish 40% 40% 20% Bleeping Computer, Oct 26, 2020
Ransomware How? InfoRisk Today, Feb 2, 2021
Ransomware Protection? InfoRisk Today, Feb 2, 2021
NIST Cyber Security Framework
Identify: Inventory, Categorize, Prioritize
Protect: Patch, Configure, Anti-Virus
Detect: Monitor, Alert
Respond: Incident Response, Mitigation
Recover: Backup & Recovery
Ransomware - Mitigation
Essential 8 Security Model
1. Application control
2. Patch applications
3. Microsoft Office macro settings
4. User application hardening
5. Restrict administrative privileges
6. Patch operating systems
7. Multi-factor authentication
8. Daily backups
1. Partly, 2. Mostly, 3. Fully
ZDNet, Oct 23, 2020
The 3-2-1-1 Guide for More Secure Backups
3 Copies of your Data
Stored on 2 Different Media
1 Copy Stored Offsite
1 Copy Stored Offline
Backup & Recovery Assessment
- Evaluation of Backup & Recovery Strategy, Procedures, and Approach
- 1-Day Technical Review of Backup Infrastructure and Coverage
- Recommendations Report for Improving Backup & Recovery
$1,000 through the end of Q1 2021
PULSE Managed Backup & Recovery
- Implementation of a modern server backup solution with local, secondary site, and offline storage options
- Daily Backup Review and Error Remediation
- Regular Recovery Testing and 24x7 Data Recovery Assistance
Pricing Starts Around $500/mo
Ransomware Response / Recovery? InfoRisk Today, Feb 2, 2021
Ransomware ZDNet, Feb 2, 2021
Ransomware – OFAC Ruling OFAC, Oct 1, 2020
Incident Response Plans: 2 https://www.peters.com/are-you-prepared-in-the-event-of-a-breach/
Security Testing
❑ + Anomalous
❑ More…
❑ Email – Advanced Protection
✓ Next-Gen Firewall
✓ Security Review for Office 365
✓ Next-Gen AV / Malware
✓ Port Scans – RDP, Changes
✓ Backup + Offline
✓ Security Awareness
✓ Patch Policy
❑ Internet Security - DNS
✓ Admin Policy
Recent Blogs
Events
Q&A