The United States Federal Bureau of Investigation (FBI) has just released an article on how to Build a Digital Defense with an Email Fortress.
According to the agency, scammers have made business email accounts a main target using phishing and social engineering schemes. Some of the strategies for preventing email compromises includes avoiding the use of free web-based email accounts; using multi-factor authentication; and updating firewalls, antivirus programs, and spam filters. It is recommended that users and administrators review these guidelines on how to use caution with email attachments and how to avoid social engineering and phishing attacks. These below are also comprehensive steps you can follow to minimize being another victim in this escalating war:
As an individual or businesses, when you are infected with ransomware it could lead to things like:
- temporary or permanent loss of sensitive or proprietary information,
- disruption to regular operations,
- financial losses incurred to restore systems and files, and
- potential harm to personal or organization’s reputation.
Even when you pay the ransom, it doesn’t really guarantee that the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
Recommended Steps On How To Prevent Phishing or Ransomewares
- if you are a Windows user, always make it a religious duty to apply the Microsoft patches whenever they are released. Here is how to get Microsoft Technical Security Notifications.
- if you are administrator, enable strong spam filters to prevent phishing emails from reaching the end users and authenticate in-bound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
- scan all incoming and outgoing emails to detect threats and filter executable files from reaching the end users.
- ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
- manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
- configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
- again, disable macro scripts from Microsoft Office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full Office suite applications.
- develop, institute, and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
- run regular penetration tests against the network, no less than once a year. Ideally, run these as often as possible and practical.
- test your backups to ensure they work correctly upon use.
As an administrator, review US-CERT’s Alert on The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations and consider implementing the following best practices:
- Segregate networks and functions.
- Limit unnecessary lateral communications.
- Harden network devices.
- Secure access to infrastructure devices.
- Perform out-of-band network management.
- Validate integrity of hardware and software.
How To Defend Against Ransomware As An Individual
Precautionary measures to mitigate ransomware threats include:
- ensure anti-virus software is up-to-date.
- implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
- scrutinize links contained in emails, and do not open attachments included in unsolicited emails.
- only download software—especially free software—from sites you know and trust.
- enable automated patches for your operating system and Web browser.
It is worth mentioning that while using software or other security policies to block known payloads from launching will help to prevent infection, it will not protect against all attacks. Keeping “offline” backups of data stored in locations inaccessible to the infected computer, such as external storage drives, prevents them from being accessed by the ransomware, thus accelerating data restoration.
How To Report Security Incidents
The Department of Homeland Security and FBI encourages recipients who identify phishing or ransomware tool(s) or techniques to DHS or law enforcement immediately. You can contact DHS’s National Cybersecurity and Communications Integration Center (NCCIC) (NCCICcustomerservice@hq.dhs.gov or 888-282-0870), or the FBI through a local field office or the FBI’s Cyber Division (CyWatch@ic.fbi.gov or 855-292-3937) to report an intrusion and to request incident response resources or technical assistance.
OCS Hosting offers a secure email hosting service that gives you all the securities you need as an individual or business.
- U.S senators launches a pilot program offering cash rewards to hackers who discover vulnerabilities in Homeland Security Department websites and other public-facing tools.
- MailSecRep Email Analysis Tool For Outlook
WARNING: Use at your own risk. We are not responsible nor advocate installing any software that you do not know about or its security configurations.