It’s fall. The federal government is in the 4th quarter at the 2-minute warning. Ransomware has the ball and is heading down the field. Will your defense be strong enough to hold?
In their Ransomware Guide, the Cybersecurity & Infrastructure Security Agency (CISA) defines ransomware as “a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” Bad actors then demand a ransom in exchange for getting your files back.
Ransomware attacks require administrative access to a machine, and they can get that access in a multitude of ways. The two most common are:
- Through a phishing email attack where a user downloads an infected attachment of any kind, including Word documents.
- By a user browsing an infected page or site, or by an internet-exposed web server being broken into by botnets or other threat actors.
In the federal government, there are many strategies your team can use to stop ransomware from getting past your defensive line. You may already have or use existing software that has security built-in or tools that can help ease the burden of system hardening. And then there are STIGs (Security Technical Implementation Guides) that you can use for additional coverage that make it nearly impossible for their offense to reach your end zone.
Mitigating The Risk of Computer Takeover
There are existing STIGs in place that help address three major attack vectors: the Microsoft Office suite, operating systems, and web browsers.
The MS Word STIG restricts the use of macros (code that can be run from inside a Word document) as a means of stopping a maliciously altered Word document attached to an email from seizing control of your PC. The MS Word and other Office STIGs also prevent related behaviors and linking to external websites, which can otherwise be used to automatically download malicious files. Even though the Word file itself may not be bad, a malicious link may be embedded in the document rather than directly in the email. Many web filters block links inside emails, so bad actors hide them inside the documents as a means of doing an end around or reverse to fool your security.
When it comes to your operating systems, the first line of defense is to keep your system updated. Beyond that, STIGs defend against the current playbook. One strategy is to block malicious actors upon entry by following password complexity requirements and limiting the number of failed log-in attempts. A second strategy is auditing your controls in conjunction with tools like Splunk to see when someone is either doing reconnaissance on your systems or even attempting a brute force attack. With this early warning, you are able to track down the source of the breach and disrupt the bad guys before they are able to execute the play.
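The early-warning idea above, expressed as a small detector over audit data, is illustrated here with an added example that is not from the original post or from SteelCloud. It assumes constructed records shaped like Windows Security logon events (4625 failed, 4624 succeeded) and flags a source address that reaches a failure threshold inside a time window, noting whether a successful logon followed the burst; the threshold and window are chosen for illustration, not taken from any STIG.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security events:
# (timestamp, event_id, account, source_ip). Values are made up.
SAMPLE_EVENTS = [
    ("2023-10-02T08:00:01", 4625, "jsmith", "10.0.0.50"),
    ("2023-10-02T08:00:05", 4625, "jsmith", "10.0.0.50"),
    ("2023-10-02T08:00:09", 4625, "jsmith", "10.0.0.50"),
    ("2023-10-02T08:00:12", 4625, "jsmith", "10.0.0.50"),
    ("2023-10-02T08:00:15", 4625, "jsmith", "10.0.0.50"),
    ("2023-10-02T08:00:20", 4624, "jsmith", "10.0.0.50"),  # success after burst
    ("2023-10-02T08:30:00", 4625, "mlee", "10.0.0.77"),   # isolated failure
    ("2023-10-02T09:30:00", 4625, "mlee", "10.0.0.77"),   # outside any window
]


def find_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: alert} for sources whose failed logons (4625)
    reach `threshold` within `window`. `success_after` records whether a
    4624 from the same source followed the burst, the case that most
    deserves an incident-response follow-up."""
    recent_failures = defaultdict(list)
    alerts = {}
    # ISO-8601 timestamps sort correctly as strings, so sorting the tuples
    # puts events in chronological order.
    for ts, event_id, account, src in sorted(events):
        t = datetime.fromisoformat(ts)
        if event_id == 4625:
            # keep only failures that still fall inside the sliding window
            recent_failures[src] = [x for x in recent_failures[src] if t - x <= window]
            recent_failures[src].append(t)
            if len(recent_failures[src]) >= threshold and src not in alerts:
                alerts[src] = {
                    "account": account,
                    "failures": len(recent_failures[src]),
                    "first_seen": recent_failures[src][0].isoformat(),
                    "success_after": False,
                }
        elif event_id == 4624 and src in alerts:
            alerts[src]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for src, alert in find_brute_force(SAMPLE_EVENTS).items():
        print(src, alert)
```

In a real deployment the same logic runs as a scheduled search over the audit log rather than over an in-memory list, and the lockout threshold enforced by the operating system should be at or below the detection threshold so the account is already locked by the time the alert fires.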
When it comes to browsers, STIGs mitigate threats by reducing the attack surface. This includes preventing Java applets from running and preventing cookies or software from being accepted or downloaded without authorization or user consent. These items are the most common means of taking control of a machine through a browser.
Stack the box on defense with automated hardening.
STIGs are an essential tool for keeping the opposing team off balance, slowing down attacks and stifling the competition. So, many consider STIG automation to be an MVP when it comes to hardening government systems, especially in today’s remote-work world.
Manual hardening can mean weeks or months before a new tool is available for use, and the effort is prone to human error. With STIGs being updated every 90 days, your team needs to be quick on its feet to defend against attacks.
SteelCloud’s ConfigOS turns your defense into the likes of the Vikings’ “Purple People Eaters” of the 1970s, by meeting STIG requirements in about an hour. We raise the level of play, speeding implementation, cutting off penetration angles and eliminating the chance of human error before the opposition can develop a sustainable drive or score on you. If you want your defense to be able to do the Super Bowl shuffle, then let’s win together.