Seeing questions today from very small orgs on what *they* can do re. the heightened ransomware threat.
Let's review the essential, no-cost things these orgs can--and must--do to hugely reduce risk:
Counter attacks that use:
1. Office macros
2. RDP
3. Net-facing vulnerabilities
1. You must understand something: In today's world MS Office is unsuitable for use in default configuration.
Due to weak macro defense settings.
Best is to turn them off where possible. But you MUST, at very minimum, block macros from the Internet. https://www.microsoft.com/security/blog/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/
I can't emphasize this enough: Microsoft Office cannot be used with reasonable security by organizations on PCs where users have access to email and web browsing without changing the default macro settings.
Period.
You should also look at this excellent information on the topic of hardening Office against macro threats:
https://www.cyber.gov.au/sites/default/files/2019-03/Microsoft_Office_Macro_Security.pdf
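The two settings the thread is talking about, as an added example that is not part of the original thread: a PowerShell script that reports, and with -Enforce writes, the per-user Office policy "Block macros from running in Office files from the Internet", plus (with -DisableAllMacros) the "disable all macros without notification" setting for orgs that can live without macros at all. It assumes Office 2016/2019/365, whose policy hive is version "16.0", and limits itself to Word, Excel, PowerPoint and Visio; the registry paths and value names are the ones the Group Policy templates write. In a real rollout, push the same values through Group Policy rather than running this per machine.

```powershell
# Added example, not from the original thread. Audits/enforces the Office macro
# policy values. Assumptions: Office 16.0 hive; Word/Excel/PowerPoint/Visio only.
param(
    [switch]$Enforce,            # write the values instead of only reporting
    [switch]$DisableAllMacros    # also set VBAWarnings=4 (disable all, no notification)
)

$OfficeVersion = '16.0'                               # assumption: Office 2016 or later
$Apps = 'Word', 'Excel', 'PowerPoint', 'Visio'        # assumption: apps that honor the setting

function Get-MacroPolicyState {
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App                 = $App
        BlockInternetMacros = $props.blockcontentexecutionfrominternet   # 1 = blocked
        VBAWarnings         = $props.VBAWarnings   # 1 enable all, 2 warn, 3 signed only, 4 disable all
        PolicyKey           = $key
    }
}

function Set-MacroPolicy {
    param([string]$App, [bool]$DisableAll)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # "Block macros from running in Office files from the Internet" (Mark-of-the-Web aware)
    Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    if ($DisableAll) {
        # "Disable all macros without notification": the strongest option, for orgs that need no macros
        Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
    }
}

foreach ($app in $Apps) {
    if ($Enforce) { Set-MacroPolicy -App $app -DisableAll:$DisableAllMacros }
    $state  = Get-MacroPolicyState -App $app
    $status = if ($state.BlockInternetMacros -eq 1) { 'OK' } else { 'WEAK (default)' }
    $vba    = if ($null -ne $state.VBAWarnings) { $state.VBAWarnings } else { 'not set' }
    '{0,-11} internet-macro block: {1,-15} VBAWarnings: {2}' -f $state.App, $status, $vba
}
```

Run it with no switches first to see where each app stands; a report of "WEAK (default)" across the board is exactly the default configuration the thread says is unsuitable. Note that these are HKCU policy values, so they apply to the user running the script, which is why Group Policy is the right delivery mechanism for more than a handful of machines.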
2. Attackers are prolifically using RDP and other forms of remote access to break into organizations via weak passwords and shared passwords that have been compromised.
If these are needed, use 2FA. But at minimum all remote access accounts MUST have unique, strong passwords.
"Strong" passwords, for current purposes, are at least 12 random characters in length or 3-4 randomly chosen words from the dictionary.
Be mindful to look for "dangling" remote access. That is, remote access that is no longer used but was never disabled.
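Both halves of this point in one script, as an added example that is not part of the original thread: it generates passwords meeting the thread's definition of "strong" (12+ random characters, or 3-4 randomly chosen words) from a cryptographic RNG rather than Get-Random, and it lists the local accounts that can log on to this host over RDP, flagging as "dangling" any that are enabled but have not logged on within a cutoff. Assumptions: local (non-domain) accounts, a one-word-per-line word list at the hypothetical path $WordListPath, and a 90-day staleness threshold; adjust all three to suit.

```powershell
# Added example, not from the original thread. Assumptions: local accounts,
# a word list at $WordListPath (one word per line), 90 days = stale.
param(
    [string]$WordListPath = 'C:\wordlist.txt',   # assumption: hypothetical path
    [int]$StaleDays = 90                         # assumption
)

$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

# Uniform random integer in [0, $Max) with rejection sampling (no modulo bias);
# works on both Windows PowerShell 5.1 and PowerShell 7.
function Get-SecureRandomInt {
    param([int]$Max)
    $buf   = [byte[]]::new(4)
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)
    do {
        $rng.GetBytes($buf)
        $n = [System.BitConverter]::ToUInt32($buf, 0)
    } while ($n -ge $limit)     # reject values that would skew the distribution
    return [int]($n % [uint32]$Max)
}

# "12 random characters": drawn from the 94 printable ASCII characters.
function New-RandomPassword {
    param([int]$Length = 12)
    $alphabet = -join [char[]](33..126)
    $chars = for ($i = 0; $i -lt $Length; $i++) { $alphabet[(Get-SecureRandomInt $alphabet.Length)] }
    return -join $chars
}

# "3-4 randomly chosen words from the dictionary": joined with hyphens for readability.
function New-RandomPassphrase {
    param([int]$Words = 4, [string[]]$WordList)
    $picked = for ($i = 0; $i -lt $Words; $i++) { $WordList[(Get-SecureRandomInt $WordList.Count)] }
    return ($picked -join '-')
}

# Accounts that can reach this host over RDP: both local groups grant the right;
# "Remote Desktop Users" is the one that tends to accumulate forgotten entries.
function Get-RdpAccountAudit {
    param([int]$StaleAfterDays)
    $cutoff  = (Get-Date).AddDays(-$StaleAfterDays)
    $members = foreach ($g in 'Remote Desktop Users', 'Administrators') {
        Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
            Where-Object ObjectClass -eq 'User' |
            ForEach-Object { [pscustomobject]@{ Group = $g; Name = $_.Name; Source = $_.PrincipalSource } }
    }
    foreach ($m in $members) {
        $user = $null
        if ($m.Source -eq 'Local') {
            $user = Get-LocalUser -Name ($m.Name -replace '^.*\\') -ErrorAction SilentlyContinue
        }
        # Dangling = still enabled, never logged on or not logged on since the cutoff
        $dangling = $user -and $user.Enabled -and (-not $user.LastLogon -or $user.LastLogon -lt $cutoff)
        [pscustomobject]@{
            Group     = $m.Group
            Account   = $m.Name
            Enabled   = if ($user) { $user.Enabled }   else { 'n/a (domain)' }
            LastLogon = if ($user) { $user.LastLogon } else { 'n/a (domain)' }
            Dangling  = [bool]$dangling
        }
    }
}

# Is RDP even switched on? fDenyTSConnections = 1 means Remote Desktop is off.
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
"Remote Desktop enabled: $($rdp.fDenyTSConnections -eq 0)"

Get-RdpAccountAudit -StaleAfterDays $StaleDays | Format-Table -AutoSize

"Example random password:   $(New-RandomPassword -Length 12)"
if (Test-Path $WordListPath) {
    $words = Get-Content $WordListPath | Where-Object { $_ -match '^\S+$' }
    "Example random passphrase: $(New-RandomPassphrase -Words 4 -WordList $words)"
}
```

Run it elevated so Get-LocalGroupMember can read both groups. A row with Dangling = True is the thread's "remote access that is no longer used but was never disabled": disable the account, or remove it from the group, rather than leaving it for an attacker to guess. Domain accounts show as "n/a" here because their last-logon data lives on the domain controllers, not the host.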
3. Finally, anything that faces the Internet MUST be up-to-date on patching. Routers. Firewalls. VPNs. RDP. Mail servers. Etc.