12 Days of Red Teaming – Day 12, Cyber Security recommendations for Santa | Cybaverse

Written by Alice Langton | Dec 16, 2022 12:00:00 AM

Our 12 Days of Red Teaming is now complete! We were able to infiltrate the systems at Lapland Industries using a number of the TTPs utilised by cybercriminals Gruber Group and exfiltrate and encrypt a dedicated copy of the Naughty or Nice list.

Over the course of the assessment, we have uncovered several familiar vulnerabilities, which we have summarised below, along with the ways to protect your business from threat actors this festive season.

5 ways to protect your business against Cyber Attacks this Christmas

1. Secure your wireless network

Threat actors can ‘sniff’ wireless networks, looking to establish a connection or ‘handshake’. Depending on the network layout, segmentation and which clients are connected, this could be an effective way to leverage further attacks or to monitor traffic.

Protect your business by:

  • Ensuring your Wi-Fi boundaries are appropriately set
  • Using strong passwords
  • Using effective encryption tools

Increase awareness of Social Engineering attempts

It is thought that around 90% of data breaches utilise some form of Social Engineering during the attack. Communicating the importance of Cyber Security and increasing awareness of Social Engineering attempts can make a huge impact on the success rate of such attempts.

Protect your business by:

  • Ensuring that first-line protection is in place, so that as few emails/calls as possible get through to employees
  • Building a Cyber Security culture where employees are aware and rewarded for acting safely
  • Ensuring regular training on the different types of phishing and vishing is completed

2. Have comprehensive passwords

Password Spraying is a type of brute force attack where hackers look to avoid account lockouts by trying the same password against multiple accounts. Unfortunately, password spraying is common practice for Threat Actors, with Microsoft estimating that more than a third of account compromises are password spraying attempts.

Protect your business by:

  • Enabling password protection, blocking the use of easily guessable passwords in the first place. Go one step further by creating your own list of words that are not allowed to be used, such as days, months, seasons, colours and company names. You can also extend this to consecutive numbers, banning the use of 123, for example
  • Undertaking regular Penetration Testing. Penetration Testing often tests the effectiveness of password spraying against other tactics such as social engineering to give you a more holistic view of your organisation’s security posture
  • Removing passwords altogether. There are now solutions in place that let accounts authenticate using biometrics and a physical device, eliminating the risk of Password Spraying altogether
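The custom ban list described in the first bullet can be prototyped as below. This is an added example, not Cybaverse's tooling or any vendor's password filter; the word list, the `lapland` company name and the function names are assumptions made for illustration.

```python
# Constructed ban list using the categories suggested above. "lapland" is a
# placeholder company name; swap in your own terms.
BANNED_WORDS = set("""
monday tuesday wednesday thursday friday saturday sunday
january february march april may june july august september october
november december spring summer autumn winter
red green blue yellow orange purple black white lapland
""".split())
# Very short words ("may", "red") match inside unrelated words, so skip them.
BANNED_WORDS = {w for w in BANNED_WORDS if len(w) >= 4}

# Undo common character swaps so "W1nter" is treated like "winter".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def has_digit_run(password, length=3):
    """True if the password holds `length` ascending or descending digits."""
    for i in range(len(password) - length + 1):
        chunk = password[i:i + length]
        if all(c in "0123456789" for c in chunk):
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def check_password(password):
    """Return the reasons a candidate password is rejected (empty if none)."""
    normalised = password.lower().translate(LEET)
    reasons = [f"contains banned word '{w}'"
               for w in sorted(BANNED_WORDS) if w in normalised]
    # Digit runs are checked on the raw password, before character swaps.
    if has_digit_run(password):
        reasons.append("contains consecutive digits")
    return reasons

if __name__ == "__main__":
    for candidate in ("Winter2022!", "L4pl4nd123", "correct-horse-battery-staple"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

A year such as 2022 is not a consecutive run, so `Winter2022!` is rejected on the banned word alone.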

3. Secure your physical premises

It is thought that around 10% of malicious data breaches are supported by a physical security breach. Ensuring that your office or site is secure can help from both a Cyber Security and an inventory perspective.

Protect your business by:

  • Having appropriate physical security measures in place, such as Employee IDs, and ensuring that these are appropriately encrypted to avoid duplication
  • Educating staff on the threats that can emerge from a physical security breach and promoting awareness of tailgating and stranger danger
  • Securing any rooms that have access to the network such as meeting rooms and communal spaces

4. Check standard security measures

Businesses often utilise several different applications on a daily basis. Organisations should check each application regularly to ensure that it is as secure as possible.

Protect your business by:

  • Installing security patches appropriately and as quickly as possible
  • Regularly checking for security misconfigurations such as unprotected files and directories and remote access settings

5. Have a robust detection and response protocol

If the steps taken above fail, then often an organisation’s last resort is its endpoint detection and response software. The effectiveness of these tools can be enhanced with the items below.

Protect your business by:

  • Considering behavioural logging and alerting. For example, an alert should be raised if an account that has never logged on before suddenly accesses a machine
  • Implementing a canary account, such as a service account with an easily crackable password (like MerryChristmas!) that alerts the minute it is used
  • Conducting regular Red Team assessments that highlight vulnerabilities to ensure that the business is always protected
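The first two bullets can be expressed as detection logic over authentication events. This is an added example, not part of the original article or of any EDR product: the log format, account names, host names and the canary `svc-sleigh-backup` are constructed for illustration.

```python
import re

CANARY_ACCOUNTS = {"svc-sleigh-backup"}  # hypothetical canary service account
EVENT = re.compile(r"^(?P<ts>\S+) (?P<result>LOGON_OK|LOGON_FAIL) "
                   r"user=(?P<user>\S+) host=(?P<host>\S+)$")

# Constructed sample events in a made-up one-line-per-event format.
BASELINE = """
2022-12-01T08:02:11Z LOGON_OK user=a.elf host=WS-014
2022-12-01T08:10:40Z LOGON_OK user=b.elf host=WS-015
2022-12-02T09:00:03Z LOGON_FAIL user=svc-print host=SRV-02
"""
TODAY = """
2022-12-16T02:11:09Z LOGON_OK user=A.Elf host=WS-014
2022-12-16T02:13:30Z LOGON_OK user=svc-print host=SRV-02
2022-12-16T02:14:02Z LOGON_FAIL user=svc-sleigh-backup host=DC-01
2022-12-16T02:14:05Z LOGON_OK user=svc-sleigh-backup host=DC-01
2022-12-16T02:20:00Z LOGON_OK user=svc-print host=SRV-03
"""

def parse(text):
    """Turn raw log text into a list of event dicts, skipping malformed lines."""
    matches = (EVENT.match(line.strip()) for line in text.strip().splitlines())
    return [m.groupdict() for m in matches if m]

def detect(baseline_text, new_text):
    """Return (timestamp, rule, account, host) alerts for the new events."""
    # Only successful logons count as "has logged on before".
    seen = {e["user"].lower() for e in parse(baseline_text)
            if e["result"] == "LOGON_OK"}
    alerts = []
    for e in parse(new_text):
        user = e["user"].lower()  # account names compared case-insensitively
        if user in CANARY_ACCOUNTS:
            # Nobody legitimate uses the canary, so even a failed attempt alerts.
            alerts.append((e["ts"], "CANARY_USED", user, e["host"]))
        elif e["result"] == "LOGON_OK" and user not in seen:
            alerts.append((e["ts"], "FIRST_LOGON", user, e["host"]))
            seen.add(user)  # alert once per account, not on every later logon
    return alerts

if __name__ == "__main__":
    for alert in detect(BASELINE, TODAY):
        print(*alert)
```

The canary account is deliberately kept out of the baseline, so it can never become "known" and silence its own alert.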

Managing your cyber security

If you are concerned about the cyber security of your business, Cybaverse can help. We offer a no obligation scope and proposal consultation to help you identify security goals, ensuring you get the most from your Red Team Engagement and cyber security projects. We also offer other services such as Penetration Testing, SOC and MDR.

Please don’t hesitate to contact our experts. We wish all our clients and network a safe and Happy Christmas and New Year.