Cyber Security First - Hacker Prevention
BY MATTHEW HETELSON
Protecting your network against an attacker can be a daunting task. Initial access is a tactic in which adversaries attempt to infiltrate your network. This is done through a variety of techniques, both simple and complex. In this article I will discuss some of the most common methods of initial access and how to defend against them.
1. Office Documents
Microsoft Office is a fruitful vector for gaining access. Macros are snippets of code written in Visual Basic that are found in almost all Office products and run a set of predefined instructions, often to relieve a user of repetitive tasks. A malicious actor can use these macros to download files, execute code or extract internal information from your network. Most employees will never need to create or use macros in their day-to-day work, so macros should be disabled via Group Policy. For users who do use macros (often employees in accounting, finance and STEM fields), macros should be enabled per application. For example, if an employee only uses macros in Excel, macros should be disabled in Access, Word, PowerPoint, Publisher, Project, and Visio.
2. Phishing
Phishing is a form of social engineering in which an attacker attempts to coerce an employee into executing malicious software or revealing sensitive information such as passwords. Phishing can be carried out over many mediums, the most popular being email. Blocking web-based content from untrusted domains in email will protect against these attacks. User training also goes a long way in stopping phishing attacks. Cybersecurity does not come naturally to all users, so a good user training program provides an excellent baseline for mitigating phishing attacks. This does not have to come at a price either; Gophish is a free open-source framework that can be used for in-house phishing campaigns.
3. Valid Accounts
Using valid accounts to log on to networked computers is an easy win for attackers. These legitimate credentials can be obtained through phishing, password spraying, password reuse and password guessing. The best way to stop malicious actors from entering your network with legitimate credentials is multi-factor authentication. If multi-factor authentication cannot be set up, accounts should be heavily monitored for logon locations and times. Additionally, there should be a password policy in place that requires long, complex passwords rotated on a regular basis. Password managers are a great tool to keep your employees from choosing a simple, easy-to-remember password.
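The logon monitoring described above can be sketched as a per-account baseline check. This is an added example, not code from the article; the account names, timestamps and country codes are constructed, and it assumes logon events have already been parsed into (account, local timestamp, source country) tuples.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: (account, local ISO timestamp, source country).
BASELINE = [
    ("alice", "2024-03-04T08:55:00", "US"),
    ("alice", "2024-03-05T09:10:00", "US"),
    ("alice", "2024-03-06T17:40:00", "US"),
    ("bob", "2024-03-04T22:05:00", "US"),
    ("bob", "2024-03-05T23:30:00", "US"),
]
NEW_EVENTS = [
    ("alice", "2024-03-07T09:20:00", "US"),       # matches baseline
    ("alice", "2024-03-07T03:12:00", "RO"),       # new country, odd hour
    ("bob", "2024-03-08T00:15:00", "US"),         # just past midnight, near 23:00
    ("svc-backup", "2024-03-08T02:00:00", "US"),  # account never seen before
]

def build_profile(events):
    """Per account: countries and hours of day seen in known-good history."""
    profile = defaultdict(lambda: {"countries": set(), "hours": set()})
    for account, ts, country in events:
        profile[account]["countries"].add(country)
        profile[account]["hours"].add(datetime.fromisoformat(ts).hour)
    return profile

def review_logons(profile, events, hour_slack=1):
    """Return (account, timestamp, reasons) for logons that leave the baseline."""
    alerts = []
    for account, ts, country in events:
        known = profile.get(account)  # .get() avoids creating an empty entry
        reasons = []
        if known is None:
            reasons.append("no baseline for account")
        else:
            if country not in known["countries"]:
                reasons.append(f"new location {country}")
            hour = datetime.fromisoformat(ts).hour
            # Distance on a 24-hour clock, so 23:00 and 00:00 are neighbours.
            gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in known["hours"])
            if gap > hour_slack:
                reasons.append(f"unusual hour {hour:02d}:00")
        if reasons:
            alerts.append((account, ts, reasons))
    return alerts

if __name__ == "__main__":
    for alert in review_logons(build_profile(BASELINE), NEW_EVENTS):
        print(alert)
```

A baseline of a few logons, as in this sample, will flag ordinary mid-day activity; in practice the profile would be built from several weeks of history before alerts are acted on.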
4. External Applications and Services
Having public-facing applications is a necessary evil in today’s connected world, but that doesn’t mean your company needs to be vulnerable to malicious actors. Keeping your website software up to date with patches and scanning it regularly with a vulnerability scanner are two ways to remove the low-hanging fruit from your attack surface. Taking services off the public internet by placing them behind a VPN with multi-factor authentication will stop attackers from trying to brute-force or guess an employee’s credentials. Again, if these services need to be public-facing, implement a multi-factor authentication method.
Hardening the attack surface is pivotal in staving off attackers, but it is a never-ending game of cat and mouse. User training, patching, scanning, and network monitoring need to be done continuously to ensure that your network defenses aren’t breached. If you have any questions on how to prevent hackers from gaining access to your organization’s network, reach out to our team at SixGen.