Cisco Blogs

NCSAM: Tips from Talos for End-Users

October 17, 2016

As groups around the world continue the conversation around cybersecurity – we’re at the midway point of National Cyber Security Awareness Month (#NCSAM) in the U.S. and European Cyber Security Month (#CyberSecMonth) – and speed toward the holidays, we at Cisco Talos want to touch on how to stay safe online during this busy time of year. We are seeing a lot of talk about ransomware lately, but let’s think bigger.

Before ransomware can be a problem, an attacker needs to gain entry to your system. Once an attacker has a strong foothold, they can do what they want within the limits of their capability – keyloggers, shells, the oft-mentioned ransomware, and much more. With that in mind, let’s focus on a broader set of security tactics you can employ that protect against the boogeyman du jour, as well as a host of other nastiness you could encounter.

I asked a few of my Talos team members to give us their best advice about how to stay safe online and to avoid these threats in the first place. I got many interesting responses that I would like to share here. Thank you Earl Carter, Tazz Worley, and Warren Mercer for sharing your expertise. For more in-depth coverage, check out Martin Lee’s Threat Briefing webinar on October 18.

BACKUP. PLEASE. JUST DO IT NOW.

Commonly available services like iCloud, Google Drive, OneDrive, Box, etc. make backing up easier than ever. However, most people still aren’t doing it regularly. According to Techiestate, 18 percent of users NEVER back up and 39 percent only back up “when they remember”. You just remembered. Go ahead and run a backup now. I’ll be here when you’re finished. I’m serious…

Warren Mercer: A valid method of survival against most malware is to ensure you have sufficient backups in place. Simple things such as photos, music, schoolwork, and family videos are some items that you should consider backing up to a cloud service or to a removable storage device.

Earl Carter: Yes, backing up is crucial to protect against ransomware and other malware. One problem with backing up is that more advanced malware can attempt to encrypt or corrupt backup information if it is accessible [on the same system/network]. Since USB drives are relatively cheap, a simple solution can be to alternate between a couple of different drives. This also provides a backup for hardware failure in the process.
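The alternating-drive routine Earl describes can be scripted; the following is an added example, not code from Talos or from the original post. It assumes two removable drives and uses constructed names (`manifest.json`, `last_drive.txt`, a `backup` folder on each drive). It refuses to run when both drives are attached or when the same drive is used twice in a row, and records file hashes so a later check can spot corruption or a failing drive.

```python
import hashlib, json, os, shutil
from pathlib import Path

MANIFEST = "manifest.json"   # constructed name: per-drive list of file hashes
STATE = "last_drive.txt"     # constructed name: which drive was used last time

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def pick_drive(drives, state_dir, attached=os.path.ismount):
    """Return the one attached drive, enforcing the alternation."""
    present = [Path(d) for d in drives if attached(d)]
    if len(present) != 1:
        # With both drives attached, malware on this machine could reach every copy.
        raise RuntimeError(f"attach exactly one backup drive, found {len(present)}")
    state = Path(state_dir) / STATE
    if state.exists() and state.read_text() == str(present[0]):
        raise RuntimeError("this drive holds the newest copy; swap to the other one")
    return present[0]

def backup(source, drives, state_dir, attached=os.path.ismount):
    """Copy source onto the attached drive and record a hash manifest."""
    drive = pick_drive(drives, state_dir, attached)
    target = drive / "backup"
    shutil.rmtree(target, ignore_errors=True)   # replace this drive's old generation
    shutil.copytree(source, target)
    hashes = {p.relative_to(target).as_posix(): sha256(p)
              for p in sorted(target.rglob("*")) if p.is_file()}
    (drive / MANIFEST).write_text(json.dumps(hashes, indent=2))
    (Path(state_dir) / STATE).write_text(str(drive))
    return drive

def verify(drive):
    """Return files that are missing or no longer match the manifest."""
    drive = Path(drive)
    recorded = json.loads((drive / MANIFEST).read_text())
    return [rel for rel, digest in recorded.items()
            if not (drive / "backup" / rel).is_file()
            or sha256(drive / "backup" / rel) != digest]
```

Unplug the drive once the backup finishes; the drive left on the shelf still holds the previous generation if the newest copy turns out to contain already-damaged files.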

Running Out-of-Date Software

Here’s a scary fact. When a software company releases a patch, it’s possible to have an exploit for the out-of-date versions before the workday is complete. Have you been ignoring those software updates because you are in the middle of some other task? It’s hazardous to your online health, similar to how people and pets need to stay up-to-date on immunizations to avoid disease.

Earl: Attackers take advantage of vulnerabilities in software. Patching software as proactively as possible makes it more difficult for attackers to target your system. You need to actively patch all of the software that you use to help minimize your attack surface.

Risky Clicks

Even those of us who are “security minded” can fall victim to one of the oldest and simplest tricks in the book – the bad link click. Phishing attacks (and their more insidious cousin spear-phishing attacks) are a very common and effective attack vector. These attacks have grown in sophistication and effectiveness over time, but they still rely on one action – you clicking the bad link.

Earl: Be cautious when opening any email attachments. The same applies to clicking on links provided in email messages. Blindly opening attachments and clicking on links is incredibly dangerous.

Warren: You can protect your personal information by taking some care as to what you open, click on or accept from people or individuals you do not know. The aim of a lot of phishing-based attacks is to try and entice the end user to click ‘something’ – generally that something can be a malicious or compromised host which is used to deliver malware to the end user. Sadly it is not always evident as to what is a phishing email and what is not to a general member of the public. This is why people should ensure they are only opening information they are expecting, even if it appears to come from a friend.

But what if it is a very crafty email that looks like it came from a friend or you happened to get caught at the perfect moment of inattention? Is there a safety net? (Hint: Check out The Rising Tide of Spam Webinar on October 26.)

Earl: Using software that blocks malware on your system is important in providing extra protection against malware attacks in general. For home users, if you are running a version of Windows, you can install a Talos favorite, Immunet (http://www.immunet.com/) on your system. Blocking access to known bad domains is a quick step towards stronger security. Over 90 percent of malware uses DNS to access its command & control infrastructure. Installing OpenDNS is a simple way to gain extra protection against these threats. There is a free option for home users (https://www.opendns.com/home-internet-security/).

What about so-called “drive-by downloads” that don’t require a user to click?

Tazz: Use adblockers and don’t disable them when a site asks you to. Personally, I don’t visit sites that require you to allow them a free pass around your adblocker. For those who are super security conscious, I would say encrypt your hard drive and files with a strong and unique password. Also, don’t store or save what you don’t need and print critical docs and keep them offline for archive.

Defense Wins Championships

A little bit of daily defense helps give peace of mind against the headline-grabbing threats. It also can protect against the garden variety threats that are commonly used to get that first foothold in a system to exploit it further. We can use the tips above to mitigate attacks and recover more quickly if we are compromised. For individuals and businesses, it is not a matter of IF we will be attacked, but a matter of WHEN and how ready we will be when it happens.
For more information on the latest threat research from Talos, please check out the latest blog at www.talosintelligence.com.

 

Join the National Cyber Security Month conversation on Twitter @CiscoSecurity #CyberAware.


3 Comments

    Excellent blog post. I agree 100% with all your insights and those from your Talos team. Nowadays, for individuals and businesses, it's very important to follow basic behavior rules regarding security issues. But unfortunately many prefer to ignore them until they have the problem. Thank you for sharing it. Deeply appreciated.

  1. Is Immunet still actively developed? The program looks a little dated.

      Yes, Steve, very active. Immunet 5.0 was just released at the end of August and maintains a free version for personal/home use. The "Business" version of Immunet is Cisco's AMP for Endpoints - it utilizes the same community threat telemetry and cloud computing, but with more options to best fit business needs.