Will the Microsoft Print Spooler Hack or the Kaseya Breach Hit my Network? How to Protect Yourself


March 14, 2023

Between the new Cybersecurity Executive Order from President Biden and the explosion of ransomware attacks worldwide, cybersecurity is the word on everyone’s lips in the business world these days.

 

(This article was originally posted in 2021. However, the cybersecurity advice still holds, and we recommend our clients all implement the most effective permissions systems possible.)

 

But the Kaseya data breach and the new print spooler vulnerability in Microsoft have really got IT people like me talking. Why? Because they go beyond just the standard phishing and spoofing attacks and hit at the heart of most organizations’ command and control structures—their IT administration. Hackers aren’t going after your weakest links. They’re going after your strongest ones, and going straight to the top. And once they’ve breached your organization at the system admin level, there’s not much a hacker can’t do in your network.

 

Fortunately, there’s always a fix for a hack, and even more that can be done with a little awareness and prevention. Let’s take a deeper dive and talk about how that gets done. 

 

Microsoft Print Spooler Hack: 

 

In a near-perfect illustration of the old adage “no good deed goes unpunished,” the latest print spooler vulnerability in Microsoft was found and publicized by security researchers. They discovered a way to enter the back door of a company by exploiting vulnerabilities in a company’s print server. And because print servers are usually manipulated using administrator-level access, a hack in this area can also be particularly damaging. They published their findings thinking Microsoft had already circulated a patch for it. 

 

Microsoft hadn’t. And until it does, any company that uses Microsoft Office and a print server to share printers is at risk.

 

The easiest way to address what’s being called the “PrintNightmare” is to turn off your server. But most companies can’t afford to cut off printing entirely, just to address a print spooler hack. So what do you do?

 

Here at Integris, we’re already working on installing new remediations and custom, automated protections that will suffice until Microsoft releases the “official” patch. We’re installing them on every client’s system, immediately. I recommend talking to your IT management staff and ensuring they are on top of those patches, too. It’s a simple fix that doesn’t take long to implement, but it’s important your company address it, immediately. 
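As an added illustration (not Integris's own remediation and not an official Microsoft patch), the PowerShell below audits the Print Spooler service on the local Windows machine and turns it off only where no printers are shared, so print servers that must keep running are left alone. The function name `Get-SpoolerExposure` and the `-Apply` switch are hypothetical names chosen for this example.

```powershell
# Added example: audit the Windows Print Spooler service on this machine and
# disable it only when the host shares no printers.
# -Apply is a hypothetical switch of this script; without it nothing is changed.
param([switch]$Apply)

function Get-SpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $shared = @()
    if ($svc.Status -eq 'Running') {
        # Get-Printer needs a running spooler; shared queues mark a print server.
        $shared = @(Get-Printer -ErrorAction SilentlyContinue |
                    Where-Object { $_.Shared })
    }
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Status         = $svc.Status
        StartType      = $svc.StartType
        SharedPrinters = $shared.Count
        IsPrintServer  = $shared.Count -gt 0
    }
}

$report = Get-SpoolerExposure

if ($report.Status -eq 'Running' -and -not $report.IsPrintServer) {
    if ($Apply) {
        # Stop the service now and keep it from starting at the next boot.
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
        $report = Get-SpoolerExposure
    }
    else {
        Write-Warning 'Spooler is running but no printers are shared; rerun with -Apply to disable it.'
    }
}

# Emit the final state so it can be collected into an inventory.
$report
```

Run it from an elevated prompt. A machine with the spooler disabled can no longer print locally either, so review the report before using `-Apply` on workstations.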

 

The Kaseya Breach—attacking at the system admin level: 

 

Kaseya is a widely used platform that consolidates IT administration into one portal—tasks like service ticketing, security monitoring and so much more. Chances are good that your internal IT staff or your managed services provider is using a tool like Kaseya to help them track and manage their work. And when a service like Kaseya gets hacked with a virus or a system takeover, the power it has to infiltrate your network is potentially devastating.  

 

Thankfully, my firm uses a different vendor than Kaseya for this kind of management platform, so we haven’t had to deal with any Kaseya ransomware attempts. But we’re not so naïve to believe this couldn’t happen to us. We’re taking some evasive actions to help close the door on this type of attack and we suggest you do the same. 

 

What should your action items be? Start with looking into your security management systems. Try to eliminate as much code from outside vendors/tools as possible, by replacing it with your own. Then I would also strongly recommend placing alerts throughout your system, so multiple levels of administrators will know when outside access to the tool is being requested. Does that add to the level of chatter and alerts you have to track? Yes, it does. But right now, you can’t afford to take your eye off this ball.

 

What else can you do? Start by Leveling up Your Permissions: 

 

The lesson in all these hacks is that hackers are targeting the top of your administration chain. And you’ll need to ensure that you’ve protected your command and control structures. 

 

That means you should tighten up your protocols. If your company still doesn’t have two-factor authentication to verify an employee’s identity at log-in, you can’t afford to put that off. For administrators, multi-factor identification should become the norm, with security gates and alerts hard-baked into your system. 

 

I also recommend creating security levels for your IT team, whether they be through an MSP like Iconic, or through your own internal staff. Apply the principle of “least privilege access.” This means that only a group of elite “super users” can access every IT management tool and process. Then a secondary group of “developers” would have access to code-building tools. “Support users” would have access to tools needed to manage service tickets, and finally “vendors” would only have access to the panels they need to do their work.  

 

The Takeaway? Make Data Security A KPI

 

What if a company paid as much attention to its security as it does to other bottom-line issues, like profit, loss, and shareholder dividends? How well your cyber security strategy is working should be a key performance indicator for your company. According to the 2019 Cost of Data Breach Study by IBM Security/Ponemon Institute, the average data breach compromises more than 25,000 records and costs a company an average of $3.92 million. Can your company afford to ignore numbers like these?

 

Start with some of these strategies here for addressing the Kaseya data breach and the Microsoft print spooler hack. And take a look at Iconic’s latest advice on how to talk to your employees about cybersecurity. You may find that the journey to becoming a truly cyber-secure company is shorter than you think. 

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others.
