Ransomware and other cyberattacks are on the rise, and Connecticut was in the spotlight not long ago. In March 2022, the Town Hall and Police Department in Plainfield were struck by a foreign cyberattack that disabled all of the institutions’ computers.
The attackers demanded $199,000 worth of Bitcoin and the reaction from the officials was prompt: “We’re going to try and upgrade our servers to stop the stuff in the future,” said First Selectman Kevin Cunningham. “Once the system is restored, all town employees will go through a series of training to prevent this from happening again.”
Cunningham identified the right approach here, because most attacks arise from a lack of employee knowledge and training, whether we’re talking about public or private organizations. Even the best defenses can be breached if employees are not aware of basic security practices.
According to Microsoft’s latest Digital Defense Report, the main problem affecting organizations right now is business email compromise (BEC). BEC is the costliest financial cybercrime, with an estimated $2.4 billion in losses in 2021. That figure represents more than 59 percent of the top five internet crime losses globally.
Email compromise leads to the most dangerous scenario for any organization: a ransomware attack. The attacker gains access to the organization’s resources, steals crucial information, and later demands a ransom to restore it.
According to Microsoft’s report, 93% of the investigations during ransomware recovery engagements revealed insufficient privilege access and lateral movement controls.
We all know that most attacks rely on the attacker obtaining administrative access. If all your machines share a common local admin password, an attacker who recovers it on one of them will take over the whole system in seconds.
Microsoft has provided a solution for this problem for years now: the Local Administrator Password Solution (LAPS), which manages the local account passwords of the computers in a network. Each password is stored in Active Directory (AD) and protected by an ACL, so only eligible users can read it or request that it be reset.
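The two things LAPS gives you are a per-machine password in AD and an ACL that decides who may read it, and both are only as good as their configuration. The script below is an added audit example, not code from the article or from Microsoft’s LAPS tooling; it assumes the legacy LAPS PowerShell module (AdmPwd.PS) and the ActiveDirectory RSAT module are installed and that the LAPS schema attributes are present, and the OU path is a placeholder. It lists which principals can read the stored passwords under an OU, then flags computers that LAPS has never managed or has stopped rotating, which is exactly the "insufficient privilege access control" gap the Microsoft report describes.

```powershell
# Added LAPS audit script (assumption: legacy LAPS "AdmPwd.PS" module and the
# ActiveDirectory RSAT module are installed; the LAPS schema attributes
# ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime exist in the domain).
Import-Module AdmPwd.PS
Import-Module ActiveDirectory

$targetOu = 'OU=Workstations,DC=example,DC=local'   # placeholder OU, replace with your own

# 1. Who holds the extended right that allows reading ms-Mcs-AdmPwd under this OU?
#    Any principal listed here that is not a designated admin group is a finding:
#    that account can obtain the local admin password of every computer in the OU.
Write-Host "Principals allowed to read LAPS passwords under $targetOu"
Find-AdmPwdExtendedRights -Identity $targetOu |
    ForEach-Object { $_.ExtendedRightHolders } |
    Sort-Object -Unique |
    ForEach-Object { Write-Host "  $_" }

# 2. Which computers are not actually under LAPS management?
#    An empty expiration time means the LAPS client never wrote a password, so
#    the machine still has whatever local admin password it was built with
#    (often the shared image password the article warns about). An expiration
#    in the past means the client has stopped rotating the password.
$now = (Get-Date).ToUniversalTime()
Get-ADComputer -Filter * -SearchBase $targetOu -Properties 'ms-Mcs-AdmPwdExpirationTime' |
    ForEach-Object {
        $raw = $_.'ms-Mcs-AdmPwdExpirationTime'
        if (-not $raw) {
            [pscustomobject]@{ Computer = $_.Name; Status = 'NO LAPS PASSWORD SET'; Expires = $null }
        } else {
            # The attribute is a Windows FILETIME (100 ns ticks since 1601, UTC)
            $expires = [DateTime]::FromFileTimeUtc([int64]$raw)
            $status  = if ($expires -lt $now) { 'ROTATION OVERDUE' } else { 'OK' }
            [pscustomobject]@{ Computer = $_.Name; Status = $status; Expires = $expires }
        }
    } |
    Sort-Object Status |
    Format-Table -AutoSize
```

Run it with an account that has read access to the OU; reading the password value itself is not required for either check. Principals that show up unexpectedly in the first list should have the right removed through AD delegation, and computers in the second list usually mean the LAPS client-side extension or its GPO never reached them.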
So the whole point of ransomware is to steal data, and the way in is usually an administrator account. However, according to the same Microsoft report, 92% of organizations impacted by ransomware had not implemented adequate data loss prevention controls to mitigate these risks.
In the State of Connecticut IT Strategic Plan for Fiscal Year 2023 we find some changes in the infrastructure: “The two data centers, one in Groton, and the other a partnership with the Commonwealth of Massachusetts to share a backup data center in Springfield, MA has helped in incrementally moving agency computing from older, location-based technology to a modern, shared, private cloud infrastructure. The adoption of Microsoft Azure and Amazon Web Services for multiple use cases have provided more options for many workloads and applications.”
The state even came up with a cybersecurity resource center for small businesses and safe-practice guidelines for the community. Basically, they educate citizens and businesses on security best practices and common knowledge, which is an essential step in preventing attacks and closing vulnerabilities.
However, the officials still admit that they are using Windows 10 Enterprise computers in their infrastructure, promising to upgrade to Windows 11 in the future. Windows 10 still receives security updates, but all organizations need to make the change by 2025, when the OS will become obsolete, and keep their systems updated regularly in the meantime.
Another issue for the state’s systems is the huge number of applications that drain the support resources: “One substantial result of the continued program-specific and agency-specific focus is the high number of applications in the state’s portfolio. Although the state reduced the number of applications from 762 in 2018 to 625 in 2019, a substantial improvement, there are still too many applications. Most of these applications have been in place for several years (average age 11.7 years old) and represent a major drain on resources for support.”
Keeping over 600 applications in check, updating them, and ensuring that they don’t offer any loopholes for attackers is a daunting job for any IT team, and when the IT budget is getting smaller and smaller, this turns into a huge risk.
According to the Microsoft report, 98% of attacks can be mitigated by basic security hygiene practices like keeping your hardware & software up to date, using modern anti-malware, enabling multifactor authentication, applying zero trust principles, and protecting your data.
To draw a conclusion from all this, never open emails and attachments from senders you don’t know. The attackers may impersonate or disguise themselves as your service providers or business partners and request key data. Always analyze and question these requests and only follow through if you are absolutely sure that they are legitimate.
Installing and downloading software from untrusted sources is also an issue because it may lead to theft of data, identity, and credentials.
The call for Windows hardening techniques is a global topic, not just for Connecticut. It’s only a matter of understanding the risks and applying the proper methods to keep the data and credentials safe.
Vlad Turiceanu is the Editor-in-Chief at windowsreport.com, a leading independent online publication that covers Microsoft’s Windows platform and its related products and services.