Is Destructive Malware Slowly Becoming a Common Trend?

 Ask any end user or general IT administrator which cyber-attack they are most fearful of. There is a good chance they will respond with “Ransomware”. I would quickly argue that any IT administrator who is worth their paycheck should not be fearful of Ransomware. A robust backup plan, a tested and proven incident response/recovery plan and an IT staff that has a sound understanding of their own environment should allow for a smooth and efficient recovery from Ransomware. I on the other hand, based on a trend that is growing, would be fearful of the purely malicious and cruel “Destructive Malware” attacks.Some notable destructive malware attacks include the NotPetya attack from June 2017, a recent attack on a California voter database and most notably the Olympic Destroyer data-wiping malware that has caused havoc at this year’s Winter Olympic Games. These attacks, especially the NotPetya and Olympic Destroyer attacks, have caused a lot of frustration for those affected, and in the case of NotPetya, large monetary losses. While it is easy to understand the motivation for the actors behind these attacks (politically motivated in a lot of cases), it is also a scary sign of what the future may hold.It is abundantly clear that a lot of organizations do not implement the necessary security controls or policies required to protect themselves from malicious cyber-attacks. When non-nation state actors and low-level actors decide to start spreading destructive malware with more frequency, any organization that does not maintain a strong security posture will surely experience tremendous frustration, significant monetary losses and possibly the agony of shutting their doors.If you’re reading this and feel your organization lacks the necessary security controls to properly protect yourselves from destructive malware, Ransomware or other cyber-attacks, the following list may help.NOTE: In no way is this meant to be an all-inclusive list. I, as well as any other security professional, can write an entire book on recommended steps for securing your organization. This list is meant to provide a very basic overview of recommended steps for beginning the process of securing your organization. Basic Steps for Securing Your Organization

• Lock down your external exposure.
  • Open network ports externally only if they are required for your organization to properly function.
  • Any systems that need to be publicly exposed should be placed in a DMZ.
• Ensure your systems are up-to-date on all critical system and security patches.
• Ensure your systems are protected by up-to-date and properly functioning anti-malware/virus protection.
• Ensure your users are properly trained on how to utilize their email, web and other resources safely and securely.
• Implement a robust backup solution that allows you to quickly and efficiently recover from a cyber-incident or system failure.
• Develop an incident response/recovery plan for an organized and efficient response to any cyber-incident or other business interrupting event.
• Conduct a risk assessment.
  • If possible, have a third-party conduct the risk assessment.
• Identifying where your organization is most vulnerable will help prioritize your security tasks and deployment of available resources.
  • Lock down user permissions.
  • Lock down local administrators across your organization to only the necessary administrator accounts.
  • Lock down the domain admins group to only the necessary administrator accounts.
  • Create separate admin and non-admin accounts for users who need administrator-level access.
• Limit the use of removable media devices on your organization’s systems.
• Implement application control across your organization, black-listing insecure applications.