classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017


Cyber attacks to the left, ransomware to the right
August 2017, This Week's Editor's Pick, Cyber Security, News

With Petya sweeping the globe and proving that we all need to be agile and responsive to the new unknowns, here are some tips for preventing future nasties like WannaCry and Petya which are now making use of EternalBlue and related advanced exploit code.

Prevention tips

Admin privileges: The malware requires administrator rights to the local computer. Standard users should not have this in permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a standard user account for day-to-day operations.

No reboot on crash: Many Windows systems are configured to automatically reboot if it crashes. You can disable this feature in Windows. If you can prevent the MFT from being encrypted, you can still recover your data from your local disk.

Unlike WannaCry, Petya is a different kind of ransomware. Common delivery methods are via phishing emails or scams. The payload requires local administrator access. Once executed, the system’s master boot record (MBR) is overwritten by the custom boot loader, which loads a malicious kernel containing code that starts the encryption process.

Once the MBR has been altered, the malware will cause the system to crash. When the computer reboots, the malicious kernel is loaded, and a screen will appear showing a fake Check Disk process. This is where the malware is encrypting the Master File Table (MFT) that is found on NTFS disk partitions, commonly found in most Windows operating systems.

It is when the machine is rebooted to encrypt the MFT that the real damage is done.

Protecting your organisation

• Deploy the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability.

• Consider disabling SMBv1 to prevent spreading of malware.

• Educate end-users to remain vigilant when opening attachments or clicking on links from senders they do not know.

• Ensure you have the latest updates installed for your anti-virus software.

• Ensure you have backup copies of your files stored on local disks. Generally, user files on local drives are replicated from a network share.

• Prevent users from writing data outside of designated areas on the local hard disk to prevent data loss if an attack occurs.

• Operate a least privileged access model with employees. Restrict who has local administration access.

What strategic lessons can we learn?

• We must take a step back and examine not only the “what now?” response, but also the “what next?” In other words, what does the avalanche of malware and other advanced attacks tell us?

• Our existing traditional trust models don’t work. With more critical assets moving to cloud, believing that the data centre is safer is a false philosophy.

• The idea that security practitioners can do any kind of one-time risk assessment and sign-off is flawed, and opens the door for future attacks.

• Trust and risk require continuous re-validation, and a one-time evaluation/accreditation is no longer fit for purpose.

• Adaptive systems providing advanced monitoring and analytics are key.

We need to spend more, but on what?

The BBC has reported that there are calls for a massive increase in cybersecurity spending (www.bbc.com/news/uk-scotland-scotland-politics-40341339), and it’s certainly true that many organisations have avoided spending money on cybersecurity for some years. Elsewhere, CSO online has described the impact of not having nearly enough cybersecurity professionals (www.csoonline.com/article/3201974/it-careers/cybersecurity-job-market-statistics.html). So, we need more competent, trained and enthusiastic professionals, and we need better systems that can analyse, detect and highlight threats requiring intervention.

A lot of people are throwing the ‘cyber’ word around now (and it does sound more fun that ‘IT security’, or ‘computer security’). But cyber has become a very wide term, including:

• Secure software engineers.

• Security evangelist.

• Security architects (and there’s a wealth of division on what secure architecture actually is).

• Security operations engineers.

• Incident responders.

• Penetration testers.

• Digital forensics specialists.

• Network engineers who understand security.

• Firewall engineers.

• Application testers.

• Wireless security engineers.

• Risk management experts.

• SecureDevOps.

• Security awareness.

Add to that, project managers, programme managers, administrators and the entire caboodle of corporate governance wrapping around the people at the sharp end. We know that budgets are limited (otherwise they wouldn’t be budgets) and so we need to decide what to spend our money on, and how to get the most out of our people.

Security and risk will be further discussed with local CTOs and CSOs at the Gartner Symposium/ITxpo taking place in Cape Town from 18 to 21 September (www.gartner.co.za)


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Back to the future
    September 2017, Adamastor Consulting, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Residential Estate (Industry)
    The future is not what it used to be. Rob Anderson looks at estate security in 2027.
  • Assessing risks in security technology systems
    September 2017, Adamastor Consulting, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Technology used to mitigate physical risks comes with its own risks that need to be addressed.
  • Manage your data appropriately
    September 2017, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Home is where one relaxes and forgets about the stresses and demands of day-to-day life, except if your job is managing an estate and the security of its residents.
  • Managing technology risks for effective estate security
    September 2017, Technews Publishing, Residential Estate (Industry), Cyber Security, Integrated Solutions, Conferences & Events
    Hi-Tech Security Solutions and Rob Anderson hosted the Residential Estate Security Conference 2017 in Johannesburg earlier this year.
  • Essential backup power equipment
    September 2017, Eurobyte Technology, Legrand Southern Africa, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Planning for unexpected power outages has become an essential part of any security strategy for residential estates wanting to keep their security running.
  • Five safety rules
    September 2017, DEHN Africa, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Working on electrical installations can be dangerous as those that are not properly connected or maintained pose a serious risk to both people and property.
  • Deepening the value of surveillance
    September 2017, Hikvision South Africa, Residential Estate (Industry), CCTV, Surveillance & Remote Monitoring, Cyber Security
    Deep Learning has swept through the IT industry, bringing benefits and better classifications to a number of applications. Now it’s changing security as well.
  • Partnering with estates for security success
    September 2017, Elf Rentals - Electronic Security Solutions, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection, Integrated Solutions, Residential Estate (Industry)
    The team at Elf Rentals considers themselves to be specialist partners in the electronic security sector in terms of the financing, installation and maintenance of security contracts.
  • Advances in video analytics
    September 2017, Avigilon, Bosch Security Systems, Reditron, Cathexis Technologies, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Perimeter Security, Alarms & Intruder Detection, Residential Estate (Industry)
    Analytics technologies are continually advancing to not only alert to potential threats, but also to reduce the occurrence of false alarms.
  • Expect the unexpected
    September 2017, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management, Residential Estate (Industry)
    The scouts’ motto of Be Prepared is probably more suited to those responsible for managing the security of residential estates.
  • Remote maintenance is a reality
    September 2017, This Week's Editor's Pick, Integrated Solutions, Residential Estate (Industry)
    With the Internet of Things (IoT) and artificial intelligence (AI) becoming more accepted in general, remote maintenance has in fact become possible.
  • The perimeter and beyond
    September 2017, FLIR Systems, Modular Communications, Secu-Systems, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection
    No matter how secure you think a particular layer is, there is always someone who will figure out a way past it, which is why we need other layers to deter them from further incursion.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.