According to the US DHS, Russian hackers targeted more than the DNC. Their “aggressive and sophisticated” cyberattacks also targeted universities, political organizations, and corporations. We expect these attacks to continue and possibly increase in 2017, using spearphishing and other methods. Here are a few tips to protect your data and privacy.
What is Grizzly Steppe?
Grizzly Steppe is the US Government’s codename for the “aggressive and sophisticated” cyberattacks on US entities by Russian hackers in late 2016. Most famously, these attacks targeted “infrastructure associated with the US election.” Guidance from the Department of Homeland Security, however, identifies non-government targets as well.
Who is targeted?
The analysis report specifically mentions “government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations.” The hacks have led to the “theft of information.” Some stolen information has been exposed, and some news outlets report that information can still be used to blackmail its owners.
The primary method of hacking was a very sophisticated phishing campaign known as spearphishing.
We expect cyber attacks to continue unabated, if not increase, in 2017. We urge everyone to take additional steps to protect their information and privacy. This is especially important for organizations that feel their public image can be tarnished by the release of information, and organizations that see themselves as a prime target for similar attacks.
Protecting your data and your privacy
Below are suggested tasks to improve the security of your websites. Some organizations have already undertaken these tasks for their office network, but websites, CRMs, AMS, and other public-facing tools are often forgotten.
- Clean up and secure administrator accounts.
  - Scrub and verify administrator accounts.
  - Change passwords and enforce a strong password policy.
  - Use password-management tools such as LastPass.
- Improve login security. Implement 2-factor authentication.
- Understand your risk. A cybersecurity risk analysis will help you identify the vulnerabilities and threats to your organization.
- Train staff. Understand the differences between phishing and spearphishing. Train staff to distinguish between the two and alert IT if targeted.
- Use secure protocols. Implement secure protocols such as SFTP, and discontinue FTP.
- Implement HTTPS across all websites. Most importantly, implement HTTPS on all sites where users can log in.
- Backups! Verify that backup systems work, and test backups on a regular basis. Implement suitable backup and archival policies.
- Use a web application firewall. Cloudflare and Sucuri are both good alternatives.
  - Implement mod_cloudflare or similar to make sure you log real IP addresses.
- Have a response plan. Implement a suitable incident response plan. Distribute and train staff on what to do in case of a cyberattack.
- Coordinate your IT strategy. Our clients often rely on their office IT vendors to identify and stop cybersecurity threats. The office IT team's cybersecurity efforts need to be coordinated with those of the web/online IT team, so that spearphishing campaigns can be more readily identified.
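To illustrate the tip about logging real IP addresses behind a web application firewall, here is an added example (not part of the original article and not code from Cloudflare or mod_cloudflare). It accepts the visitor address from the CF-Connecting-IP header only when the connection really comes from the proxy, and otherwise logs the connecting address. The function names, the hard-coded subset of proxy ranges and the sample requests are assumptions made for the example.

```python
import ipaddress

# Assumption: a hard-coded subset of Cloudflare's published IPv4 ranges.
# A real deployment should load the provider's current list instead.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13",
)]


def is_trusted_proxy(peer):
    """True if the TCP peer address belongs to a trusted proxy range."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in TRUSTED_PROXIES)


def real_client_ip(peer, headers):
    """Return (ip_to_log, verdict) for one request.

    peer    -- address of the TCP connection as seen by the web server
    headers -- request headers as a dict with lower-cased names
    """
    claimed = headers.get("cf-connecting-ip", "").strip()
    if not is_trusted_proxy(peer):
        # Anyone can send this header; from an untrusted peer it is only a claim.
        return peer, "direct-header-ignored" if claimed else "direct"
    try:
        return str(ipaddress.ip_address(claimed)), "proxied"
    except ValueError:
        # Trusted proxy but header missing or malformed: fall back to the peer.
        return peer, "proxied-no-valid-header"


# Constructed sample requests (documentation addresses, not real traffic).
SAMPLE_REQUESTS = [
    ("104.16.5.9", {"cf-connecting-ip": "203.0.113.7"}),
    ("198.51.100.23", {"cf-connecting-ip": "10.0.0.1"}),
    ("172.64.1.1", {"cf-connecting-ip": "not-an-ip"}),
    ("198.51.100.24", {}),
]

if __name__ == "__main__":
    for peer, headers in SAMPLE_REQUESTS:
        ip, verdict = real_client_ip(peer, headers)
        print(f"peer={peer:<15} logged={ip:<15} {verdict}")
```

Requests marked direct-header-ignored reached the server without passing through the proxy while still carrying the header, which is worth reviewing alongside firewall rules that restrict the origin to the proxy's ranges.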
Seek professional help
Cybersecurity of your website and network can seem like a daunting task. But it doesn’t have to be. If you have any questions, or would like our help in implementing any of these, please don’t hesitate to contact us with your cybersecurity questions.