Microsoft recently released its annual security report, which highlights the rise of cryptomining and supply-chain attacks in 2018. The findings match what other security researchers reported earlier this year: ransomware attacks are in decline, and cryptocurrency miners are now the most common malware threat.
Supply-chain attacks also continue to surge. In these attacks, adversaries compromise a business partner or other vendor and use that trusted relationship to infect the primary target organization.
The global NotPetya attack of June 2017 remains the clearest example of the damage these attacks can do across every sector. The initial infection vector was the compromised update process of a business application used in Ukraine. Although it was not the primary target, Nuance Communications suffered service interruptions for an extended period as a result of the attack.
“Supply chain attacks are insidious because they take advantage of the trust that users and IT departments place in the software they use,” the report authors wrote. “The compromised software is often signed and certified by the vendor, and may give no indication that anything is wrong, which makes it significantly more difficult to detect the infection.”
“By poisoning software and undermining delivery or update infrastructures, supply chain attacks can affect the integrity and security of goods and services that organizations provide,” they added.
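A practical consequence of that warning is that "the installer carries a valid signature" cannot be the whole acceptance test for an update. The following PowerShell script is an added example, not code from the Microsoft report: it checks an update package's Authenticode signature, then additionally requires that the signing certificate match a thumbprint pinned for the vendor and that the file's SHA-256 match a value obtained from the vendor through a separate channel. The thumbprint and hash placeholders, the `Test-UpdatePackage` function name and the package path are assumptions for illustration.

```powershell
# Added example (not from the Microsoft report): gate an update package on more than
# "it is signed". A valid Authenticode signature only proves that *some* certificate
# trusted by this machine signed the file; a compromised update pipeline can still ship
# a validly signed binary. So we also pin the expected signer thumbprint and compare the
# file hash to a manifest obtained out-of-band. The pinned values below are placeholders.
param(
    [Parameter(Mandatory)] [string] $PackagePath,
    # Hypothetical pinned values; replace with the vendor's real certificate thumbprint
    # and the SHA-256 they publish on a channel separate from the update server.
    [string] $ExpectedThumbprint = '0000000000000000000000000000000000000000',
    [string] $ExpectedSha256     = '0000000000000000000000000000000000000000000000000000000000000000'
)

function Test-UpdatePackage {
    param([string] $Path, [string] $Thumbprint, [string] $Sha256)

    $findings = @()

    # 1. Is the signature cryptographically valid and chained to a trusted root?
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }

    # 2. Is it signed by the publisher we expect, not merely by *someone* trusted?
    $actualThumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '<none>' }
    if ($actualThumb -ne $Thumbprint) {
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
        $findings += "Signer thumbprint $actualThumb does not match pinned $Thumbprint (subject: $subject)"
    }

    # 3. Does the content match what the vendor announced out-of-band?
    $actualHash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actualHash -ne $Sha256) {
        $findings += "SHA-256 $actualHash does not match manifest value $Sha256"
    }

    [pscustomobject]@{
        Path     = $Path
        Signer   = $actualThumb
        Sha256   = $actualHash
        Trusted  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

$result = Test-UpdatePackage -Path $PackagePath -Thumbprint $ExpectedThumbprint -Sha256 $ExpectedSha256
$result | Format-List
if (-not $result.Trusted) {
    Write-Error "Refusing to deploy $PackagePath"
    exit 1
}
```

The three checks fail independently and every failure is reported, so a package that is validly signed by the wrong certificate, or signed by the right certificate but with content that differs from the published manifest, is rejected with a message that says which assumption broke. The out-of-band hash is the control that survives a compromised update server; the pinned thumbprint is the one that survives a compromised or mis-issued certificate.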
Best Practice Security
Alongside the findings, the tech giant also shared best-practice recommendations to help organizations, including those in the healthcare sector, fend off these attacks.
Preventative controls are crucial to the overall defense strategy, and organizations should start with the lowest-cost techniques that “steadily remove cheap and effective attack techniques.” This begins with security hygiene: securing privileged administrator accounts and applying the configuration baselines provided by vendors.
Organizations also need to “immediately deploy critical security updates for OS, browsers, and email. Isolate (or retire) machines that cannot be updated or patched,” in addition to using “advanced email and browser protections.”
“Deploy a secure email gateway that has advanced threat protection capabilities for defending against modern phishing variants,” the report authors wrote. “Enable host anti-malware and network defenses to get near real-time blocking responses from cloud (if available in your solution).”
The report also stressed the need to implement access controls. Because Microsoft’s findings echo a recent Proofpoint analysis showing that attackers rely on phishing to compromise credentials, this step should be a priority for healthcare providers.
The crux of identity and access management is the principle of least privilege: segment networks, remove local administrator privileges from end users, and exercise caution when granting application permissions.
Organizations should also restrict which applications users can run on their computers, using application whitelisting so that only approved software executes.
“If possible, adopt a security solution that will restrict the code that runs in the system core (kernel) and can block unsigned scripts and other forms of untrusted code,” the report authors wrote.
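Two of those access-control steps, removing local administrator rights from end users and allowing only approved applications to run, can be put into practice on a Windows endpoint with the built-in LocalAccounts and AppLocker cmdlets. The script below is an added example, not code from the Microsoft report; the approved-admin list, the file paths, the sample download path and the function names are illustrative assumptions. It removes any member of the local Administrators group that is not on an approved list, then generates an AppLocker policy that allows only the executables already installed under Program Files and the Windows directory, sets it to audit mode so denials are logged before anything is blocked, and tests a sample file against it.

```powershell
# Added example (not from the Microsoft report). Run in an elevated PowerShell session
# on a Windows edition that supports AppLocker; the Application Identity service must be
# running for AppLocker to evaluate rules.

# Hypothetical allow-list of accounts/groups that may keep local admin rights.
$ApprovedAdmins = @('Administrator', 'CORP\Workstation Admins')

function Remove-UnapprovedLocalAdmins {
    param([string[]] $Approved, [switch] $WhatIf)
    # Members come back as 'MACHINE\user' or 'DOMAIN\group'; accept either the full
    # name or the bare account name in the approved list.
    foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
        $short = $m.Name.Split('\')[-1]
        if (($Approved -contains $m.Name) -or ($Approved -contains $short)) { continue }
        Write-Host "Removing $($m.Name) ($($m.ObjectClass)) from local Administrators"
        Remove-LocalGroupMember -Group 'Administrators' -Member $m.Name -WhatIf:$WhatIf
    }
}

function New-AuditModeAppLockerPolicy {
    param([string] $OutFile)
    # Inventory executables in trusted install locations. Signed files become Publisher
    # rules (future versions from the same publisher stay allowed); unsigned files get
    # Hash rules, so anything else unsigned is denied by default once rules exist.
    $files = @()
    foreach ($dir in @($env:ProgramFiles, $env:SystemRoot)) {
        $files += Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
    }
    [xml] $policy = New-AppLockerPolicy -FileInformation $files `
        -RuleType Publisher, Hash -User Everyone -Optimize -Xml

    # Start in audit mode: AppLocker logs what *would* be blocked (event ID 8003 for
    # executables) without breaking users, so the allow-list can be tuned before the
    # collection is switched to 'Enabled'.
    foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
        $rc.EnforcementMode = 'AuditOnly'
    }
    $policy.Save($OutFile)
    return $OutFile
}

# 1. Least privilege: drop end-user accounts from local Administrators (preview first).
Remove-UnapprovedLocalAdmins -Approved $ApprovedAdmins -WhatIf
# Remove-UnapprovedLocalAdmins -Approved $ApprovedAdmins      # uncomment to apply

# 2. Application control: build the policy, check a sample file, then apply in audit mode.
$policyFile = New-AuditModeAppLockerPolicy -OutFile "$env:TEMP\applocker-audit.xml"

# Hypothetical download an end user dropped in their profile; a file outside the trusted
# install locations should come back as 'DeniedByDefaultRule'.
$sample = "$env:USERPROFILE\Downloads\setup.exe"
if (Test-Path $sample) {
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $sample -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyFile
```

The admin clean-up runs with -WhatIf first so the operator can read the list of accounts that would lose rights before committing. Generating the policy from the current install set and applying it in audit mode is the safe order: the 8003 events collected over a pilot period show which legitimate tools fall outside the allow-list, and only after those are added should the rule collections be moved to enforcement.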
Lastly, Microsoft offered specific recommendations on backups. Organizations should create destruction-resistant backups of critical systems and data, and use cloud services for automatic backups of online data.
“For data that is on premises, regularly back up important data using the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite,” the report authors wrote.
“Teach employees to be wary of suspicious communications that request sensitive information and instruct them how to respond and report them to the organization’s security operations team immediately,” they added. “Training can also help mitigate social engineering and spear-phishing attacks.”