Global Ransomware Attacks

jinjuku

jinjuku

Moderator
Keep your stuff patched and reduce your surface area. Upside is our remediation hours are soaring. 1/2 the customers are ones we've tried to encourage patching as a service.
 
GO-NAD!

GO-NAD!

Audioholic Spartan
I don't know what the answer is, but badgering overworked and rushed employees to not click on suspicious links, as a last line of defence, is not it.
 
Verdinut

Verdinut

Audioholic Spartan
So what is the solution for home PC?
I have been using Malwarebytes Premium for roughly 20 years. I never had my computers infected and I trust that company 100%. For what they're asking for the protection, it's a real bargain. This company counts several experts in cybersecurity.
 
cpp

cpp

Audioholic Ninja
I have been using Malwarebytes Premium for roughly 20 years. I never had my computers infected and I trust that company 100%. For what they're asking for the protection, it's a real bargain. This company counts several experts in cybersecurity.
I've been using Bitdefender Total Security plus NORD VPN for years ( never had any infections) but I think the real key is for users to have some kind of Ransonware software loaded on their device and not allow their device to be vacate of any virus/ransomware/malware protection, etc..
 
jinjuku

jinjuku

Moderator
Can you explain the patching, and the surface area. You lost me. Thanks
A lot of business have everything from the obvious end user computers to servers. In between all of that are network switches, Wifi Access Points, Firewalls, Routers, Load Balancers, Intrusion Detection and Prevention hardware, VPN concentraters, Virtualized appliances, the list goes on.

Anyone of these could have an exploit that is known, that a patch would take care of and they are 8 months out of date.

Normally patch schedules are current release minus 1. So if vendor ACME Co. has their Firewall 1000 and the latest release is 7.4.0 and the one prior is 7.3.11 you run on 7.3.11 unless 7.4.0 fixes a vulnerability.

Surface area is limiting external access, placing untrusted devices like your phone, non-corporated computers, etc in a walled off vlan.

Look up 'endless ssh banner'. Us geeks laugh at this stuff.
 
cpp

cpp

Audioholic Ninja
A lot of business have everything from the obvious end user computers to servers. In between all of that are network switches, Wifi Access Points, Firewalls, Routers, Load Balancers, Intrusion Detection and Prevention hardware, VPN concentraters, Virtualized appliances, the list goes on.

Anyone of these could have an exploit that is known, that a patch would take care of and they are 8 months out of date.

Normally patch schedules are current release minus 1. So if vendor ACME Co. has their Firewall 1000 and the latest release is 7.4.0 and the one prior is 7.3.11 you run on 7.3.11 unless 7.4.0 fixes a vulnerability.

Surface area is limiting external access, placing untrusted devices like your phone, non-corporated computers, etc in a walled off vlan.

Look up 'endless ssh banner'. Us geeks laugh at this stuff.
Hey thanks for the explanation. .
 
jinjuku

jinjuku

Moderator
So what is the solution for home PC?
1. Don't run with an Admin account. Create a separate admin account and reduce your account to a user account.
2. Strong passwords and change them every now and again
3. Use a password manager like roboform for websites (I no longer trust LastPass with their breaches). It's a web browser extension/plug in.
4. Every single site gets it's own password.
5. Use a secure DNS server like 208.67.222.222 and 208.67.220.220
Better yet roll your own Pi-Hole DNS server and setup for recursion. Recursion is this:
You go to audioholics.com/contactus. Recursion will actually grab ALL records that audioholics has in their
dns zone and make a local copy. For a set amount of time any further look ups happen locally. The benefit is you reducing the amount of telemetry you are putting out there. Tutorials abound. Pi-hole is also a network wide ad
blocker. Make sure to white list audioholics ;-)
6. Keep AV and Malware protection up to date
7. Keep your FW up to date.
8. If multi-factor authentication is an option at sites, enable it.
 
Steve81

Steve81

Audioholics Five-0
1. Don't run with an Admin account. Create a separate admin account and reduce your account to a user account.
2. Strong passwords and change them every now and again
3. Use a password manager like roboform for websites (I no longer trust LastPass with their breaches). It's a web browser extension/plug in.
4. Every single site gets it's own password.
5. Use a secure DNS server like 208.67.222.222 and 208.67.220.220
Better yet roll your own Pi-Hole DNS server and setup for recursion. Recursion is this:
You go to audioholics.com/contactus. Recursion will actually grab ALL records that audioholics has in their
dns zone and make a local copy. For a set amount of time any further look ups happen locally. The benefit is you reducing the amount of telemetry you are putting out there. Tutorials abound. Pi-hole is also a network wide ad
blocker. Make sure to white list audioholics ;-)
6. Keep AV and Malware protection up to date
7. Keep your FW up to date.
8. If multi-factor authentication is an option at sites, enable it.
Great advice! Multi-factor authentication in particular is an easy way to keep things more secure.
 
Verdinut

Verdinut

Audioholic Spartan
It's unfortunate that there are only a few websites that accept a security USB key. With this key, you don't need complex long passwords, nor a PW manager. Moreover, you can use the same simple short password for all your logins.
 
Steve81

Steve81

Audioholics Five-0
It's unfortunate that there are only a few websites that accept a security USB key. With this key, you don't need complex long passwords, nor a PW manager. Moreover, you can use the same simple short password for all your logins.
My bank uses MFA via text message to my phone. Most of the (necessarily secured) apps I use for work use MFA via an authenticator app on my phone. I prefer the latter method. And it's a lot easier to manage than trying to keep track of physical tokens/keys for all the things you need properly secured.
 
ben_

ben_

Junior Audioholic
My bank uses MFA via text message to my phone. Most of the (necessarily secured) apps I use for work use MFA via an authenticator app on my phone. I prefer the latter method. And it's a lot easier to manage than trying to keep track of physical tokens/keys for all the things you need properly secured.
MFA over SMS isn't really considered secure any more. You should see if your bank has other options.
 
Steve81

Steve81

Audioholics Five-0
MFA over SMS isn't really considered secure any more. You should see if your bank has other options.
Thanks for the suggestion! I hadn't really given that much thought.
 
Verdinut

Verdinut

Audioholic Spartan
My bank uses MFA via text message to my phone. Most of the (necessarily secured) apps I use for work use MFA via an authenticator app on my phone. I prefer the latter method. And it's a lot easier to manage than trying to keep track of physical tokens/keys for all the things you need properly secured.
You would need only one key for all logins.
 
Steve81

Steve81

Audioholics Five-0
You would need only one key for all logins.
I see; I haven't seen such a thing before. What happens if you lose the key? I use Google Authenticator for my business, and recovery of all the various tokens seems easy enough from that end (though I have never had to try). I have to replace the phone of course.
 
jinjuku

jinjuku

Moderator
MFA often supports products like M$ and Google Authenticator. If you really get paranoid you can run a firewall like Fortigate and using their local certificates use it to do TLS inspection as you go to various websites.

This is a licensed/subscription service however.

Basically it's a TLS proxy. You install the fortigate cert on your computer. When you make a request to say www.audioholics.com your computer actually makes a connection to the firewall, the key you installed allows the firewall to decrypt the session and then it makes it's own connection to www.audioholics.com using the AH certificate and passes your requested traffic and inspects the stream. Repacks it using its certificate and sends it back to your browser.

There is also IDS, A/V, File scanning etc.
 
Verdinut

Verdinut

Audioholic Spartan
I see; I haven't seen such a thing before. What happens if you lose the key? I use Google Authenticator for my business, and recovery of all the various tokens seems easy enough from that end (though I have never had to try). I have to replace the phone of course.
Yubico security keys are one of the most popular such products that you find on Amazon site. See what they suggest as a safeguard in the case of lost of one key. If you lose one, there s no way anyone can identify your info with what was programmed on it:

 

Latest posts

newsletter

  • RBHsound.com
  • BlueJeansCable.com
  • SVS Sound Subwoofers
  • Experience the Martin Logan Montis
Top