What can we do to shore up our defenses?
If you already have a firewall, an IDS/IPS, an anti-virus software. Is that all there is to make your network as close to impervious as possible?
I.e. the six sigma security that I have discussed in past blogposts:
http://oversitesentry.com/assume-you-are-hacked-so-get-6-sigma-security/
How to test your environment? – the only way to know is to perform constant analysis on your devices on the Internet and internal network devices.
What does that mean? perform constant analysis?
Here is a paper from Swedish Civil Contingencies Agency
https://www.msb.se/RibData/Filer/pdf/26267.pdf
Vulnerability analysis allows one to review where one is potentially vulnerable.
How does one do that? It can be done with software that makes it automated, since more manual steps is not good.
We can do that with our Alpha scan (which is a variety of tools)
http://oversitesentry.com/alpha/
Vulnerability scanning is done by Qualys at many enterprise organizations.
The Qualys Blog is at https://community.qualys.com/blogs
What are we looking for when we scan or check machines? We are looking for ports and applications running on the machines that respond in a manner that should not be on the machine.
After seeing what is open then check on the system whether that system needs the application port open.
Why do this?
Many hackers want to communicate with their ill-begotten machines and they do that with applications on machines that may have different ports than the ports normally running.
Also Trojans and viruses sometimes also connect or try to connect with other machines to multiply or check for more information.
In essence we are trying to check for any unusual information or port on the system we are testing.
The more you check for anomalies the more likely to find problems – and thus defending your network.
The vulnerability analysis done in the Swedish government is similar in nature, one checks risks and develops plans to review vulnerability analysis of the risks.
If you are not checking your systems you are hoping upon hope the criminals do not find your flaws.
These new criminals (mafia on the net) are not interested in your hope, only your mistakes, they capitalize on all our programmatic and configuration mistakes. Then they make more and more money… like all mafia orgs.
Mr. Bogachev enjoys his money and newfound admiration in Russia’s Black sea coast (a sort of Florida in Russia, where there are beaches and summer homes.
So don’t be looking for anybody in Russia to catch this guy. He masterminds malware and ransomware from his keyboard.