Information released in recent days by sources such as the FBI and Microsoft indicates that the security of computer networks is all a facade. The FBI is saying we are losing the security war: every major company in the US, and by extension everywhere else, has been cracked and had data stolen by hackers employed by the Chinese government.
The problem with being hacked is that most people don’t even know they have been hacked. The FBI, while investigating other matters, keeps finding data from companies that don’t know they lost it. How do you know you lost data when it’s still there?
So what do you do? Learn how these attacks happen and stop them. Easy, yes? Well, according to Microsoft, Google and others, the most common attack lately has been targeted phishing: getting users to open malware-laden documents which load a keylogger that then looks for passwords for accounts like admin accounts shared by many IT people. These accounts don’t change their passwords often and are usually something easy to remember, that is, weak. (Don’t use ‘whatismypw’ as a password; use something like ‘wh4tIsMy9w’ instead.)
For a start, educate your users to identify that the message they just received is an attack. If we can get users to not open phishing emails, the battle is on the road to a win. Yes, we now filter out a massive 95% of all emails as spam or phishing, but roughly 20% of the emails getting through are still phishing attacks. Of those, 99% can be spotted quickly if the user knows what to look for.
Then we need proper malware detection. While scanners won’t catch zero-day attacks, they do weed out the known malware. Finally, we need to identify all of the shared administrative accounts and make them more secure: change their passwords regularly and use stronger passwords. Also, on systems like Linux, don’t allow root to log in remotely. Make everyone log in as themselves and use root access only for the things that need it, through the wheel group.
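The two Linux settings just mentioned (no remote root login, admins reaching root through the wheel group) are easy to state and easy to get subtly wrong, because sshd honours only the first occurrence of a keyword and ignores the commented-out defaults. The audit below is an added example, not code from the original post; the sshd_config and sudoers excerpts in it are constructed for the demo, and the "findings" format is my own.

```python
"""Audit a Linux host's remote-root policy: PermitRootLogin must be 'no'
and the wheel group must have a sudo rule so admins do not share root.

Added example (not from the original post). The config texts below are
constructed; real files live at /etc/ssh/sshd_config and /etc/sudoers.
"""
import re

# Constructed sshd_config with the weak setting: root may log in remotely.
# The commented line is a default shown for documentation, not a setting.
WEAK_SSHD_CONFIG = """\
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
"""

# The same file corrected: nobody logs in as root over the network.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication yes
"""

# Constructed sudoers: wheel members run commands as root after
# authenticating as themselves, so every privileged action is attributable.
SUDOERS_WITH_WHEEL = """\
Defaults    env_reset
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
"""

SUDOERS_WITHOUT_WHEEL = """\
Defaults    env_reset
root    ALL=(ALL) ALL
"""


def effective_setting(config_text, key):
    """Return the value sshd will actually use for a keyword.

    sshd takes the first non-comment occurrence of a keyword and ignores
    later duplicates, so we stop at the first match and skip '#' lines.
    """
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == key.lower():
            return parts[1].strip()
    return None


def wheel_can_sudo(sudoers_text):
    """True if an uncommented '%wheel ... =' rule exists."""
    rule = re.compile(r"^\s*%wheel\s+\S+=")
    return any(rule.match(line) for line in sudoers_text.splitlines()
               if not line.lstrip().startswith("#"))


def audit_remote_root(sshd_config_text, sudoers_text):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    root_login = effective_setting(sshd_config_text, "PermitRootLogin")
    # When the keyword is absent, OpenSSH defaults to prohibit-password,
    # which still permits key-based root logins; the post wants none at all.
    if root_login is None or root_login.lower() != "no":
        findings.append(f"PermitRootLogin is {root_login or 'unset'}; set it to 'no'")
    if not wheel_can_sudo(sudoers_text):
        findings.append("no %wheel sudo rule; admins have no path to root "
                        "except the shared root account")
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_remote_root(WEAK_SSHD_CONFIG, SUDOERS_WITHOUT_WHEEL))
    print("hardened:", audit_remote_root(HARDENED_SSHD_CONFIG, SUDOERS_WITH_WHEEL))
```

On a real host, feed `audit_remote_root` the contents of the two files and run it from configuration management so a later edit that re-enables root login is caught rather than discovered during an incident.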
Now you also need to watch for suspicious activity. What you have to watch for is connections to your systems from places they would not normally be accessed from, and data leaving your firewall that should not be getting out. Read your logs and watch for the pattern of an attacker. Watch for connections from weird places. Watch for people who normally don’t connect to certain systems suddenly doing so, or their credentials being used when it isn’t them. People showing up as logging in on their day off is a dead giveaway (unless they normally do that, of course).
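The three signals above (unexpected source address, a user on a system they never use, a login on a day off) can be checked mechanically against a small baseline. The script below is an added example, not from the original post; the log lines, the per-user baseline and the trusted network range are all constructed for the demo, and the line format is a simplified sshd "Accepted" line rather than any particular distribution's exact syslog layout.

```python
"""Flag logins that match the post's warning signs: a source outside the
networks a system is reached from, a user on a host they never use, or a
login on that user's day off.

Added example (not from the original post); all data below is constructed.
"""
import ipaddress
import re
from datetime import datetime

# Constructed auth log lines: ISO timestamp, host, sshd-style accept, user, source IP.
LOG_LINES = [
    "2012-03-12T09:02:11 db01 Accepted publickey for alice from 10.0.1.15",
    "2012-03-13T14:40:02 web02 Accepted password for bob from 10.0.2.44",
    "2012-03-13T22:15:27 db01 Accepted password for bob from 203.0.113.9",  # bob never uses db01; external IP
    "2012-03-17T11:05:44 web02 Accepted password for bob from 10.0.2.44",   # Saturday, bob's day off
    "2012-03-14T08:12:03 fileserver Accepted publickey for carol from 10.0.3.7",
]

# Constructed baseline: hosts each user normally logs in to and their working days (0 = Monday).
BASELINE = {
    "alice": {"hosts": {"db01"}, "days": {0, 1, 2, 3, 4}},
    "bob": {"hosts": {"web02"}, "days": {0, 1, 2, 3, 4}},
    "carol": {"hosts": {"fileserver"}, "days": {0, 1, 2, 3, 4, 5}},  # carol works Saturdays
}

# Constructed: the only networks these systems should be reached from.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line):
    """Return a record for a recognised login line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["ip"] = ipaddress.ip_address(rec["ip"])
    return rec


def reasons_for(rec, baseline=BASELINE, trusted=TRUSTED_NETWORKS):
    """List why a login looks suspicious; an empty list means it fits the baseline."""
    reasons = []
    if not any(rec["ip"] in net for net in trusted):
        reasons.append(f"source {rec['ip']} outside trusted networks")
    profile = baseline.get(rec["user"])
    if profile is None:
        reasons.append(f"unknown user {rec['user']}")
        return reasons
    if rec["host"] not in profile["hosts"]:
        reasons.append(f"{rec['user']} does not normally use {rec['host']}")
    if rec["ts"].weekday() not in profile["days"]:
        reasons.append(f"login on {rec['ts'].strftime('%A')}, {rec['user']}'s day off")
    return reasons


def find_suspicious(lines):
    """Return (line, reasons) pairs for every login that deserves a look."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        why = reasons_for(rec)
        if why:
            hits.append((line, why))
    return hits


if __name__ == "__main__":
    for line, why in find_suspicious(LOG_LINES):
        print(line)
        for reason in why:
            print("   -", reason)
```

The baseline is the part that matters: build it from a few weeks of normal logs rather than by hand, and treat a hit as a prompt to ask the person, since a legitimate weekend login is exactly the "unless they normally do that" case the post allows for.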
Security is the job of a few but the responsibility of us all. Don’t do stupid things like pick up that USB key you found and stick it into your computer, or open that email promising free money from Nigeria. And if you get a letter from the FBI, check the internet headers to see that it came from an FBI account and not from Brazil or Italy.
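Checking the headers means comparing what the message claims (the visible From line) with what the mail servers recorded as it passed through (the Return-Path and the Received chain, which is read bottom-up because each server prepends its own line). The checker below is an added example, not code from the original post; both messages in it are constructed, and the host names and addresses are invented for the demo.

```python
"""Compare an e-mail's claimed sender with the path recorded in its headers.

Added example (not from the original post). The messages below are
constructed; in practice you would feed in the raw source of a real message.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the visible From claims fbi.gov, but the earliest
# Received header (the bottom one, added first) shows the mail entered the
# chain from a relay in Brazil, and the Return-Path points there too.
SUSPECT_MESSAGE = """\
Return-Path: <promo@mail.example.com.br>
Received: from mx.example-corp.test (mx.example-corp.test [192.0.2.10])
\tby inbox.example-corp.test with ESMTP; Mon, 12 Mar 2012 10:01:02 -0500
Received: from relay.example.com.br (relay.example.com.br [198.51.100.7])
\tby mx.example-corp.test with ESMTP; Mon, 12 Mar 2012 10:01:00 -0500
From: "Federal Bureau of Investigation" <agent@fbi.gov>
To: you@example-corp.test
Subject: Urgent notice

Please open the attached document.
"""

# Constructed message whose recorded path agrees with its claimed sender.
CONSISTENT_MESSAGE = """\
Return-Path: <it-helpdesk@example-corp.test>
Received: from mail.example-corp.test (mail.example-corp.test [192.0.2.20])
\tby inbox.example-corp.test with ESMTP; Mon, 12 Mar 2012 11:00:00 -0500
From: IT Helpdesk <it-helpdesk@example-corp.test>
To: you@example-corp.test
Subject: Password rotation reminder

Your password expires in 7 days.
"""

# The name after "from" is what the sending host announced; the receiving
# server's own observation follows in parentheses. For this demo they agree.
RECEIVED_FROM_RE = re.compile(r"^\s*from\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def domain_of(address):
    """Lower-cased domain part of an address header value, or '' if none."""
    _, addr = parseaddr(address or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def origin_host(msg):
    """Host named in the earliest Received header (the last one in the message)."""
    for header in reversed(msg.get_all("Received") or []):
        m = RECEIVED_FROM_RE.match(header.replace("\n", " "))
        if m:
            return m.group(1).lower()
    return ""


def same_org(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(host) and bool(domain) and (host == domain or host.endswith("." + domain))


def check_sender(raw):
    """Return the mismatches between the claimed From and the recorded trail."""
    msg = message_from_string(raw)
    claimed = domain_of(msg.get("From"))
    problems = []
    return_path = domain_of(msg.get("Return-Path"))
    if return_path and return_path != claimed:
        problems.append(f"Return-Path domain {return_path} != From domain {claimed}")
    origin = origin_host(msg)
    if not same_org(origin, claimed):
        problems.append(f"mail entered from {origin or 'unknown host'}, not a {claimed} host")
    return problems


if __name__ == "__main__":
    print("suspect:   ", check_sender(SUSPECT_MESSAGE))
    print("consistent:", check_sender(CONSISTENT_MESSAGE))
```

Only the Received lines added by your own servers are trustworthy; anything below them could have been written by the sender. For a mail that matters, that is why the origin host's bracketed IP, as recorded by your server, carries more weight than the name the sender announced.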
China would like to know how we make everything we make. They want to manufacture everything and instead of us exploiting their workers they exploit ours. They are a totalitarian regime whose people are little more than slaves and give their workers no rights. We support them by buying their exports and getting them to do stuff for us for cheap. China is behind the biggest spying and cracking attempts of all time and they are getting away with it. They want our military and commercial secrets and we have to stop them one company and user at a time.
So hopefully this gives you some idea of what is happening, the scope of the problem and a few things to start doing to protect yourself. Always use the basics for security: use a firewall, use malware and virus detectors, patch everything religiously. Change your passwords regularly; the recommended rate of change is 90 days at the most. Never use the same password in more than one place. Use a secure browser, and don’t visit sites in categories regularly infected with malware. Teach your users and family to recognize phishing emails. Use the highest privacy settings on social media sites. (And many more such pieces of good advice.)
Stay safe out there.