{"id":4795,"date":"2020-06-19T09:51:12","date_gmt":"2020-06-18T21:51:12","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=4795"},"modified":"2020-06-19T09:51:12","modified_gmt":"2020-06-18T21:51:12","slug":"noimmunity","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=4795","title":{"rendered":"No one is completely immune!"},"content":{"rendered":"<p><a href=\"http:\/\/kinetics.co.nz\/wp-content\/uploads\/2020\/06\/RansomwareJune2020.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-4796\" src=\"http:\/\/kinetics.co.nz\/wp-content\/uploads\/2020\/06\/RansomwareJune2020-1024x581.png\" alt=\"\" width=\"415\" height=\"236\" \/><\/a>Hackers can strike anyone. 
If well-resourced organisations like <a href=\"https:\/\/www.telegraph.co.uk\/business\/2020\/06\/08\/honda-could-victim-ransomware-cyber-attack\/\" target=\"_blank\" rel=\"noopener\">Honda<\/a>, <a href=\"https:\/\/www.nzherald.co.nz\/business\/news\/article.cfm?c_id=3&amp;objectid=12339332\" target=\"_blank\" rel=\"noopener\">Lion NZ<\/a> and <a href=\"https:\/\/www.stuff.co.nz\/business\/121798667\/fisher--paykel-appliances-a-victim-of-ransomware-scourge\" target=\"_blank\" rel=\"noopener\">Fisher &amp; Paykel Appliances<\/a> can fall victim to hackers, then anyone can.<\/p>\n<p>I don\u2019t have specific knowledge of what happened at these organisations, but it\u2019s a safe bet they are well run with good teams, education in place, appropriate policies and an audit process. <strong>But even so, hackers took them down.<\/strong><\/p>\n<h2>Is there any hope for the rest of us then?<\/h2>\n<p>We\u2019ve always said that you can reduce your risk, but you can\u2019t eliminate it. You have <span style=\"text-decoration: underline;\">a duty to your stakeholders to take all reasonable steps<\/span>, and to keep reviewing that as the risks and challenges evolve. Our security team had a discussion about what might have happened at these two corporates. This is just speculation, but it is useful to work through these items and make sure you have them covered off.<\/p>\n<p><strong>Firstly<\/strong>, we noticed <a href=\"https:\/\/www.cert.govt.nz\/it-specialists\/advisories\/active-ransomware-campaign-leveraging-remote-access-technologies\" target=\"_blank\" rel=\"noopener\">CERT NZ put out an advisory<\/a> about protecting systems from remote access vulnerabilities. That can\u2019t be a coincidence. Organisations must make sure every connection is encrypted with current technology \u2013 and kept up to date with the latest updates.<\/p>\n<p><strong>Secondly<\/strong>, ensure passwords are complex and secure. 
Don\u2019t use the same password (or a variation of it) for everything you use. Instead, use a tool that lets you maintain unique, long and complex passwords on every site.<\/p>\n<p><strong>Then there is MFA<\/strong> \u2013 multi-factor authentication. Every account needs MFA. <strong>It must be mandatory on everything.<\/strong> If there is one thing that you do, make it MFA.<\/p>\n<p>One of our guesses is that the system administrators at these sites are a point of risk. These are the people who get sent all the questionable emails and webpages to check out, so they are more likely to stumble across malware and infections. To do their job, they often have \u2018elevated\u2019 rights (i.e. MASTER accounts), which give them more access and also mean that if their accounts are compromised, they can cause more harm across more systems. Finally, because they need to log in and out often, they are the ones for whom MFA is a real nuisance, so they are the most likely to disable it. Our advice is to have them work normally with a more restricted user privilege, log in with \u2018admin\u2019 rights only when the task they are doing needs it, and lead the way with the use of MFA.<\/p>\n<p>At Kinetics, we insist all our tools require MFA for access. We use a secure (SOC 2 certified) password vault, and we\u2019ve extended that so our customers can have access with our <a href=\"http:\/\/kinetics.co.nz\/lock-em-up-and-throw-away-the-keys\/\" target=\"_blank\" rel=\"noopener\">KARE Password Vault<\/a> product. Our <a href=\"http:\/\/kinetics.co.nz\/kare-for-security-s1\/\" target=\"_blank\" rel=\"noopener\">KARE for Security<\/a> service is designed to add an extra layer of security to existing KARE agreements.<\/p>\n<p>The law of entropy says that all systems will move towards a state of disorder. This is also true of IT and access rights. To combat that, all systems need a regular review, and login accounts are no different. 
Decisions are made that may well be justified at the time. But weeks, months or even years later, these login accounts become a security risk. So you need to regularly review all local server accounts and passwords and all AD accounts with elevated rights, ensure every account is still justified and has an appropriate level of rights, and of course regularly change all passwords.<\/p>\n<h2>What actions should you take?<\/h2>\n<ol>\n<li>Patch your software (or use a service like KARE to ensure it is up to date, and require regular reports to prove it)<\/li>\n<li>Ensure the use of strong passwords by all staff<\/li>\n<li>Make MFA mandatory for all users<\/li>\n<li>Have regular threat awareness training for staff<\/li>\n<li>Make sure users have only the system access rights they need to do their job<\/li>\n<li>Regularly review account access, rights and passwords<\/li>\n<\/ol>\n<p>Refer: <a href=\"https:\/\/www.cert.govt.nz\/it-specialists\/advisories\/active-ransomware-campaign-leveraging-remote-access-technologies\">https:\/\/www.cert.govt.nz\/it-specialists\/advisories\/active-ransomware-campaign-leveraging-remote-access-technologies<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers can strike anyone. If well-resourced organisations like Honda, Lion NZ and Fisher &amp; Paykel Appliances can fall victim to hackers, then anyone can. 
I don\u2019t have specific knowledge of what happened at these organisations, but it\u2019s a safe bet they are well run with good teams, education in place, appropriate policies and an audit [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":4147,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-4795","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/4795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4795"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/4795\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}