Lateral movement can turn a little phish into a whale of a problem
The stats don’t lie. Cybercrime is a profitable and growing industry. Australian businesses reported more than 5800 scams with losses exceeding AU$7.2 million in 2018 – a 53 per cent increase compared to 2017, according to the ACCC’s Targeting scams report.
As businesses become increasingly security aware, and their IT networks harder to infiltrate, cyber criminals are honing their arsenal of activities and exploits to maximise the payout from any successful breach.
Once a hacker gains access to a user’s account (through phishing or social engineering), they are now more likely to use that initial foothold as a starting point to work progressively through the network, searching for specific data and assets.
This is called “lateral movement”, and it can result in much greater damage to your business systems, with lengthier and more expensive restoration work.
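As an added illustration (not part of the original post), the script below shows the kind of signal lateral movement leaves in authentication records: one account authenticating to an unusual number of distinct hosts within a short window. The logon events, account names and host names are constructed for the example; a real deployment would feed it Windows security event logs (successful network logons) or a SIEM export instead, and the window and threshold would be tuned to your environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of successful network logon events, in the spirit of a
# Windows "logon succeeded" record. Fields: timestamp, account, source host,
# target host. The burst from "jsmith" is the pattern we want to surface.
SAMPLE_EVENTS = [
    ("2019-05-07T09:00:05", "jsmith", "WS-014", "FS-01"),
    ("2019-05-07T09:00:40", "jsmith", "WS-014", "FS-02"),
    ("2019-05-07T09:01:12", "jsmith", "WS-014", "WS-031"),
    ("2019-05-07T09:01:50", "jsmith", "WS-014", "WS-047"),
    ("2019-05-07T09:02:30", "jsmith", "WS-014", "DC-01"),
    ("2019-05-07T09:03:10", "jsmith", "WS-014", "SQL-01"),
    ("2019-05-07T09:15:00", "akhan", "WS-022", "FS-01"),
    ("2019-05-07T11:30:00", "akhan", "WS-022", "PRINT-01"),
]


def parse_event(row):
    """Turn a raw (timestamp, account, source, target) row into typed values."""
    ts, account, src, dst = row
    return datetime.fromisoformat(ts), account, src, dst


def find_fan_out(events, window=timedelta(minutes=10), threshold=5):
    """Return {account: (window_start, sorted_targets)} for every account that
    reaches at least `threshold` distinct target hosts inside any sliding
    `window`. Ordinary users touch a handful of servers per day; an account
    sweeping across many hosts in minutes is worth a look."""
    by_account = defaultdict(list)
    for ts, account, src, dst in sorted(map(parse_event, events)):
        by_account[account].append((ts, src, dst))

    alerts = {}
    for account, rows in by_account.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            targets = {dst for _, _, dst in rows[start:end + 1]}
            if len(targets) >= threshold:
                alerts[account] = (rows[start][0], sorted(targets))
                break  # one alert per account is enough for triage
    return alerts


if __name__ == "__main__":
    for account, (started, targets) in find_fan_out(SAMPLE_EVENTS).items():
        print(f"{account}: {len(targets)} hosts from {started.isoformat()}: {', '.join(targets)}")
```

The threshold and window are deliberately simple; in practice you would baseline each account against its own normal behaviour and exclude known scanners and backup service accounts to keep the false-positive rate manageable.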
How lateral movement hacking crippled the city of Baltimore
The US city of Baltimore has been partially paralysed since 7 May, when a hacker executed a ransomware attack that took down an array of business systems including:
- voicemail and email
- a parking fines database
- a payment system for water bills, property taxes and vehicle citations
- all real estate transactions.
There has been speculation that the ransomware was able to spread so quickly to so many systems because it included a lateral hacking exploit, called EternalBlue, in its code. Depending on which source you read, that may not have been the case, but the fact remains that once the attacker gained access to the Baltimore network, they took their time and spread the infection as widely as they could in order to do the most damage.
So far, over a month later, only a third of the city’s employees have had email restored. The full bill for recovery is estimated to be US$18 million – that includes US$10 million to restore the infected systems and US$8 million in lost revenue.
What you can do to protect your business
Clearly, when it comes to cybercrime, prevention is better than cure. Even the most up-to-date antivirus software cannot protect you if you allow a malicious actor into your network.
To adequately protect your systems, I recommend the following.
Use strong passwords
Security best practice states that you should have a different, complex password for each and every account login. If you count up the number of different accounts you keep, from email and business systems to online shopping and social media, you’ll soon decide that’s impossible.
It’s not, though. All you need is a good password manager.
Restrict user permissions
Many workers prefer to have full administrative access to their workstation because they feel like it’s easier than having to ask for permission when installing new software. The problem with this is that any virus they accidentally execute will enjoy the same privileges.
By enforcing user restrictions and an execution policy, you limit the ability of malicious code to take control of the system and move laterally through your network.
Invest in a Unified Threat Management system (UTM)
UTMs offer a single IT security solution for small businesses. In contrast with separately installing and managing firewalls, antimalware software and web filtering software, a UTM is a single system that provides an umbrella of protection – usually antivirus, firewall, intrusion protection, VPN and web filtering protections – over multiple devices, systems and remote offices.
Educate your team
This really is the last line of defence, but perhaps it should be at the top of the list. Educating your team about best practices with email is important. In simple terms, if you are not expecting an email, don’t open it. Always read the email carefully and check that links actually point to the location they claim to (hover your mouse over the link to check this). Most virus-carrying emails are badly written and contain bogus links.
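The “hover over the link” check above can also be automated for a mail gateway or a helpdesk triage tool. The following Python script is an added example, not from the original post: it parses the HTML body of a message, collects every link, and flags links whose visible text looks like a web address pointing somewhere other than the real destination. The sample message, the bank name and the look-alike domain are all constructed; the site comparison is a deliberately simple suffix match, and production code should use a public-suffix list rather than this shortcut.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style message: the first link shows one address but
# leads to a look-alike domain; the second is genuine; the third is plain text.
SAMPLE_EMAIL = """
<p>Your account has been locked. Please verify your details.</p>
<a href="http://mybank.com.au.verify-example.net/login">https://www.mybank.com.au/login</a>
<a href="https://login.mybank.com.au/">mybank.com.au</a>
<a href="https://example.com/unsubscribe">Click here to unsubscribe</a>
"""

DOMAIN_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _strip_www(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def same_site(shown_host, real_host):
    """True when the displayed host is the real host or a parent/child of it.
    Assumption: a plain suffix match is enough for this illustration; it does
    not understand public suffixes such as 'com.au' on its own."""
    a, b = _strip_www(shown_host), _strip_www(real_host)
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def find_mismatched_links(html):
    """Return [(visible_text, real_href)] for links whose visible text is a
    URL or domain that does not belong to the site the href really targets."""
    parser = LinkCollector()
    parser.feed(html)
    suspicious = []
    for href, text in parser.links:
        real_host = urlparse(href).hostname or ""
        shown = text if "://" in text else "http://" + text
        shown_host = urlparse(shown).hostname or ""
        if not DOMAIN_RE.fullmatch(shown_host):
            continue  # link text is a phrase, not an address: nothing to compare
        if not same_site(shown_host, real_host):
            suspicious.append((text, href))
    return suspicious


if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: shows '{text}' but goes to '{href}'")
```

Links whose text is an ordinary phrase (“Click here”) are skipped because there is nothing to compare; those still need the human hover check, or a reputation lookup on the destination host, which is out of scope here.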
IT security is not a “set and forget” commodity. You need to constantly review your technology against the present and emerging threats. At least every 6 months, review any risks you have in your technology and assess where you need to take action to reduce the risk.
Better yet, why not engage with IT professionals who are across all the latest threats and protections? If you’d like an IT security check, or advice on best practice policies and procedures for IT security, give Proactive IT Solutions a call.
Header image designed by: vectorpocket / macrovector / Freepik