
How to defend Windows networks against destructive cyberattacks


The Russian cyberattacks on Ukrainian organizations remind us that the attacker isn’t always looking to steal data or extort money. Sometimes they just want to cause as much damage as possible. Both Microsoft and Mandiant recently released information about these destructive attacks and how to better protect against them.

Regardless of geographic location, all of us can learn from how these attacks occur and are mitigated. The attacks were extreme in their destruction. As Microsoft noted in its blog, “The malware in this case overwrites the MBR [master boot record] with no mechanism for recovery.” This leaves the system unbootable and unrepairable without a full reinstall or recovery from a full backup of the system. Thus, the first lesson is to ensure that you have the tools and resources either to fully redeploy your workstation images or to fully recover your platforms.

The Mandiant document provides actionable information about the best ways to protect yourself from harm and destruction from similar attacks. As you go through the document, consider if you have these protections in place.

Protect external-facing devices and systems with multi-factor authentication

Mandiant recommends starting with the externals. We have long had a squishy internal network and a hardened shell. Once the outside is penetrated, it’s relatively easy to launch lateral attacks inside your office resources. So, first review whether your external-facing devices and anything else that allows remote access require multi-factor authentication.

No one and nothing should be able to log in with a mere username and password. Review every edge device to determine whether the device natively supports the use of an authenticator application rather than a mere password. It’s not always necessary to be absolutely secure, just a bit more secure than the network next to yours.

Identify high-value targets on your network

Review your network for high-value targets that may be targeted for destructive attacks. The key resource you have is not sexy or revolutionary. It’s been with us for years: backup. You want to have a rotation of backups to ensure that you have offsite and off-domain backup media. If all your backup locations are domain joined and the attacker can access those locations, your backups themselves can be impacted. Access to virtualization infrastructure should be through limited accounts that are designed and protected to have such access. Again, consider two-factor authentication and other privileged access processes when it comes to protecting Hyper-V and other virtualization platforms.
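
One way to check a backup server for the domain exposure described above, as an added example that is not from the original article or from Mandiant's or Microsoft's guidance. The function name `Get-BackupHostDomainExposure` is hypothetical, and the script assumes it is run locally in an elevated PowerShell 5.1+ session on a Windows host that serves backups over SMB.

```powershell
# Added example: reports the ways a compromised domain account could reach
# the backups stored on this host. Read-only; it changes nothing.
function Get-BackupHostDomainExposure {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # 1. Domain membership: a domain-joined backup host trusts domain admins and GPOs.
    if ($cs.PartOfDomain) {
        $findings.Add([pscustomobject]@{
            Check  = 'DomainJoined'
            Detail = "Host is a member of domain '$($cs.Domain)'"
        })
    }

    # 2. Non-local principals in local Administrators (well-known SID S-1-5-32-544).
    Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        Where-Object { "$($_.PrincipalSource)" -ne 'Local' } |
        ForEach-Object {
            $findings.Add([pscustomobject]@{
                Check  = 'NonLocalAdmin'
                Detail = "$($_.Name) ($($_.PrincipalSource), $($_.ObjectClass))"
            })
        }

    # 3. Non-administrative SMB shares where some account may modify or delete files.
    foreach ($share in Get-SmbShare -Special $false) {
        Get-SmbShareAccess -Name $share.Name |
            Where-Object {
                "$($_.AccessControlType)" -eq 'Allow' -and
                "$($_.AccessRight)" -in 'Full', 'Change'
            } |
            ForEach-Object {
                $findings.Add([pscustomobject]@{
                    Check  = 'WritableShare'
                    Detail = "\\$($cs.Name)\$($share.Name): $($_.AccountName) has $($_.AccessRight)"
                })
            }
    }

    $findings
}

Get-BackupHostDomainExposure | Format-Table -AutoSize -Wrap
```

An empty result means none of the three checks fired; it does not cover NTFS permissions or the credentials the backup software itself stores.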

Copyright © 2022 IDG Communications, Inc.
