Aaron Fosdick
Contributor
Aaron Fosdick is CISO at Randori, a cybersecurity firm that provides offensive security services.
David Wolpoff
Contributor
A career hacker, David “Moose” Wolpoff is CTO and co-founder of Randori, a company building a continuous red-teaming platform.
The cyber world has entered a new era in which attacks are becoming more frequent and happening on a larger scale than ever before. Massive hacks affecting thousands of high-level American companies and agencies have dominated the news recently. Chief among these are the December SolarWinds/FireEye breach and the more recent Microsoft Exchange server breach. Everyone wants to know: If you’ve been hit with the Exchange breach, what should you do?
To answer this question, and compare security philosophies, we outlined what we’d do — side by side. One of us is a career attacker (David Wolpoff), and the other a CISO with experience securing companies in the healthcare and security spaces (Aaron Fosdick).
Don’t wait for your incident response team to take the brunt of a cyberattack on your organization.
CISO Aaron Fosdick
1. Back up your system.
A hacker is likely to follow a break-in on your mail server with ransomware, so your backups and saved configurations are what you will fall back on. Back up everything you can, but make sure the copy you restore from predates the breach. Design your backups with the assumption that an attacker will try to delete them: don’t use your normal admin credentials to encrypt your backups, and make sure your admin accounts can’t delete or modify backups once they’ve been created. Your backup target should not be part of your domain.
2. Assume compromise and stop connectivity if necessary.
Identify if and where you have been compromised. Inspect your systems forensically to see whether any of them are being used as a launch point from your attack surface for attempts to move laterally. If your Exchange server is indeed compromised, you want it off your network as soon as possible. Disable its external connectivity to the internet so the attackers cannot exfiltrate data, and cut its ability to communicate with other systems on the network, which is how attackers move laterally.
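As an added example, not part of the original piece or of Randori’s tooling, the following PowerShell lists a Windows host’s established outbound TCP connections to non-private addresses together with the owning process, and then optionally applies a Windows Firewall rule that blocks all outbound internet traffic while leaving intranet traffic alone. The `$IsolateNow` switch is a hypothetical operator flag; the address ranges treated as internal are an assumption you should adjust to your own network.

```powershell
# Added example: triage outbound connections from a suspect Exchange host, then
# (optionally) cut its internet connectivity with a host firewall rule.
function Test-PrivateAddress {
    param([string]$Ip)
    # RFC 1918 ranges plus loopback and link-local count as "internal" (assumption).
    return ($Ip -match '^10\.' -or
            $Ip -match '^192\.168\.' -or
            $Ip -match '^172\.(1[6-9]|2[0-9]|3[0-1])\.' -or
            $Ip -match '^127\.' -or
            $Ip -match '^169\.254\.')
}

# Established IPv4 connections whose remote end is not an internal address.
$external = Get-NetTCPConnection -State Established |
    Where-Object {
        $_.RemoteAddress -notmatch ':' -and -not (Test-PrivateAddress $_.RemoteAddress)
    } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
            PID           = $_.OwningProcess
        }
    }

# Review this table first: legitimate mail flow will appear here alongside
# anything suspicious, so decide knowingly before isolating.
$external | Sort-Object Process, RemoteAddress | Format-Table -AutoSize

# Containment: block every outbound connection to the Internet address class
# while intranet traffic (backups, forensics collection) keeps working.
$IsolateNow = $false   # hypothetical flag the operator flips after review
if ($IsolateNow) {
    New-NetFirewallRule -DisplayName 'IR-Block-Outbound-Internet' `
        -Direction Outbound -Action Block -RemoteAddress 'Internet' -Profile Any
}
```

Run it in an elevated session; remove the rule afterwards with `Remove-NetFirewallRule -DisplayName 'IR-Block-Outbound-Internet'` once the host has been rebuilt or cleared.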
3. Consider deploying default/deny.