The importance of Cybersecurity basics

Since early May, the city of Baltimore has struggled to recover IT systems following a ransomware attack that has left many departments unable to function or even send and receive emails.

Citizens have been unable to complete house sales, pay their water bills or receive health alerts. The RobbinHood malware that attacked the city's IT infrastructure is based on the EternalBlue exploit. EternalBlue was originally developed by the NSA, was leaked in 2017 and was quickly adopted by many nation state actors and cyber-criminals. EternalBlue exploits a defect in the Microsoft SMB server which Microsoft patched in March 2017. (So dangerous was this remote code execution vulnerability that Microsoft also issued patches for Windows Vista and XP, even though those operating systems had fallen out of support.)

So yes, the city of Baltimore's IT systems have been brought down by a vulnerability that was fixed in a free Windows Update issued more than two years ago. The cost to the city in lost and late payments is estimated at $18 million (so far).

Almost two months passed between the release of fixes for the EternalBlue vulnerability and the start of the ransomware attacks. According to Microsoft, many customers had not patched their systems despite having nearly 60 days to do so, and to this day many still have not.

On 14 May 2019 Microsoft released a patch for another critical Remote Code Execution vulnerability, this time in Remote Desktop Services: CVE-2019-0708.

This vulnerability is so powerful that in a recently released proof of concept video it takes just 20 seconds to obtain the hashed passwords of other Windows systems attached to the same network.

Microsoft stated in a blog post:

Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708. Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.

Prompt installation of security patches for both the operating system and applications installed on each computer system is the simplest yet most effective step any organisation can take to improve its cybersecurity. All modern operating systems and most applications now provide the option to automatically install updates. You can read more about security patching and learn how best to approach it in this article.

To the uninitiated, cybersecurity can appear to be a complex and difficult area, and as security professionals we can be tempted to focus on the more interesting (and technical) threats and their mitigation. However, the greatest incremental gains in protecting our networks come from doing the basics. Programs such as Cyber Essentials provide an easy to follow framework for any organisation to implement the basic yet essential steps to protect their networks and data.

Another mistake we may be tempted to make is to think that cyber-criminals are all expert hackers with significant resources at their disposal. While this may be true for some nation state actors and established criminal gangs, recent evidence suggests that many would-be cyber-criminals are not very clever or competent at all. They can be kept at bay with basic cyber-security hygiene.

A recent article from one of the researchers at New Sky Security records the rise of online video tutorials that aim to show complete novices how to set up their own botnets in order to attempt credential stuffing or DDoS attacks. The researcher was able to discover and take over several botnets totalling some 25,000 devices because the command and control servers had been set up with weak or default credentials. It's a bad week indeed when your systems are taken down by a hacker whose own security is so weak that their command and control systems use the login details 'root/root'. In several cases, non-functional botnets were discovered because the target IP address in the configuration file was still set to: <INSERT-IP-ADDRESS-HERE>

With an increase in 'off the shelf' malware and hacking kits available online, complete with video tutorials, it is ever easier for almost anyone to attempt to make a quick buck by attacking your network. For these types of threats, the basics of cybersecurity are all you need to protect your network.

Top tips to protect your network

Install security patches as soon as possible (within a month of release). Turn on automatic updates for the operating system and applications wherever possible.

Check every device directly connected to the internet with automated vulnerability scans each month. This will identify missing security patches and mis-configured systems that are vulnerable.

Segment your network. Use firewalls to separate your network from the Internet and then split your internal network into different zones, so that if one zone gets compromised, the rest of the network remains secure. Review your firewall rules regularly, use a Default Block All Traffic approach and then only allow specific traffic through when you understand what it is and where it is going.

Validate your network security with network penetration testing at least once per year, using real live humans to try to get into your network and then explain to you how they did it and how to fix any vulnerabilities.

Follow an existing standard, such as Cyber Essentials, rather than inventing your own security strategy.

Turn on Windows Defender (or your chosen anti-malware tool) and ensure it is allowed to keep itself up to date on all systems on your network.

Do not share login details; ensure everyone has their own login. For those who need Administrator privileges, give them two logins, one with and one without admin rights, and train them to only use the admin login when needed and then revert to the standard login as soon as possible.
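As an added example (not from the original article and not SecureTeam's own tooling), the PowerShell below, run from an elevated prompt on a Windows 10 or Server 2016+ host, checks several of the tips above on a single machine: patch age, the automatic-update policy, Defender status, the firewall's default inbound action and the local Administrators group. The 30-day patch window comes from the article; the 7-day signature age and the 3-member admin threshold are assumed values you should adjust to your own policy.

```powershell
# Hypothetical single-host hygiene check (added example). A FAIL is a gap to fix,
# not evidence of compromise. Needs the Defender and NetSecurity modules (built in).
$MaxPatchAgeDays  = 30   # the article's "within a month of release"
$MaxSigAgeDays    = 7    # assumed value
$MaxLocalAdmins   = 3    # assumed value: more than this usually means shared admin logins
$results = @()

function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    $script:results += [pscustomobject]@{
        Check = $Check; Status = $(if ($Pass) { 'PASS' } else { 'FAIL' }); Detail = $Detail
    }
}

# 1. Patching: days since the most recent hotfix was installed
$lastPatch = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$age = if ($lastPatch) { (New-TimeSpan -Start $lastPatch.InstalledOn -End (Get-Date)).Days } else { [int]::MaxValue }
Add-Result 'Patches installed within the last month' ($age -le $MaxPatchAgeDays) `
    "last hotfix $($lastPatch.HotFixID) installed $age day(s) ago"

# 2. Automatic updates not switched off by policy (NoAutoUpdate = 1 disables them)
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
Add-Result 'Automatic updates not disabled by policy' ($au.NoAutoUpdate -ne 1) "NoAutoUpdate=$($au.NoAutoUpdate)"

# 3. Anti-malware: Defender on, real-time protection on, signatures fresh
$mp = Get-MpComputerStatus
Add-Result 'Defender real-time protection on' ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) `
    "AV=$($mp.AntivirusEnabled) RTP=$($mp.RealTimeProtectionEnabled)"
Add-Result 'Defender signatures up to date' ($mp.AntivirusSignatureAge -le $MaxSigAgeDays) `
    "signature age $($mp.AntivirusSignatureAge) day(s)"

# 4. Firewall: every profile enabled and blocking inbound traffic by default
foreach ($p in Get-NetFirewallProfile) {
    Add-Result "Firewall profile '$($p.Name)' default-blocks inbound" `
        (($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')) `
        "Enabled=$($p.Enabled) DefaultInbound=$($p.DefaultInboundAction)"
}

# 5. Least privilege: list local Administrators so shared or unnecessary admin logins stand out
$admins = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
Add-Result 'Local Administrators group is small (review members)' ($admins.Count -le $MaxLocalAdmins) ($admins -join ', ')

$results | Format-Table -AutoSize
```

Run it across a fleet (for example via a management tool or remoting) and keep the output as a monthly baseline next to your vulnerability scan results.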
