Recommended security practices
There is no silver bullet to security; an active and layered security model is the best practice.
If you study the methodology, there are several points at which basic security measures can stop the Samsam attacker.
Sophos recommends implementing these top four security practices right now:
1. Restrict access to port 3389 (RDP) by allowing only staff who connect through a VPN to remotely access any systems, and utilise multi-factor authentication for VPN access.
2. Complete regular vulnerability scans and penetration tests across the network; if you haven't followed through on recent pen-testing reports, do it now.
3. Multi-factor authentication for sensitive internal systems, even for employees on the LAN or VPN.
4. Create back-ups that are offline and offsite, and develop a disaster recovery plan that covers the restoration of data and whole systems.
Additional best security practices Sophos recommends are:
Layered security that blocks attackers from all points of entry and from gaining access once inside a network.
Rigorous and diligent patching.
Server-specific security with Lockdown capabilities and anti-exploit protection, especially for unpatched systems.
Security that synchronises and shares intelligence to activate lockdowns.
Endpoint and server security with credential theft protection.
Hard-to-crack, unique IT admin passwords with multi-factor authentication.
Improved password policies: encourage employees to use secure password managers, longer passphrases and the non-reuse of passwords across multiple accounts (see: How to pick a proper password).
Periodic assessments, using third-party tools like Censys or Shodan, to identify publicly accessible services and ports across your public-facing IP address space, then close them.
Improved account access controls: enact sensible policies to secure idle accounts, and automatically lock accounts and alert IT staff after a number of failed login attempts.
Regular phishing tests and staff education about the perils of phishing.
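As an added example (not from the Sophos report or any Sophos tool), the following Python audits a constructed Windows Security log export for two of the controls above: RDP logons that did not arrive through the VPN address pool (practice 1) and accounts that have crossed a failed-login threshold and should be locked with an alert to IT staff (account access controls). The VPN pool 10.8.0.0/24, the CSV layout and all sample addresses and account names are assumptions.

```python
# Added example, not from the Sophos report: audit a Windows Security log export
# for RDP reachable from outside the VPN and for accounts to lock after repeated
# failed logins. All addresses, accounts and the CSV layout are constructed.
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

# Constructed CSV export: timestamp, event id (4625 = logon failure,
# 4624 = success), account, source IP, logon type (10 = RDP on port 3389).
SAMPLE_LOG = """\
2018-07-30T02:10:01,4625,Administrator,203.0.113.7,10
2018-07-30T02:10:04,4625,administrator,203.0.113.7,10
2018-07-30T02:10:06,4625,administrator,203.0.113.7,10
2018-07-30T02:10:09,4625,administrator,203.0.113.7,10
2018-07-30T02:10:11,4625,administrator,203.0.113.7,10
2018-07-30T08:15:00,4625,jsmith,10.8.0.14,10
2018-07-30T08:15:40,4624,jsmith,10.8.0.14,10
2018-07-30T08:20:00,4625,jsmith,10.0.0.25,2
"""
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")  # assumed VPN address pool
RDP_LOGON_TYPE = "10"

def parse_events(text):
    # Each row becomes (timestamp, event id, account, source address, type).
    events = []
    for line in text.strip().splitlines():
        ts, event_id, account, src, logon_type = line.split(",")
        events.append((datetime.fromisoformat(ts), event_id,
                       account.lower(), ipaddress.ip_address(src), logon_type))
    return events

def rdp_sources_outside_vpn(events, vpn_pool=VPN_POOL):
    """Sources that reached RDP without coming through the VPN pool: any hit
    means port 3389 is exposed more widely than practice 1 allows."""
    return sorted({str(src) for _, _, _, src, lt in events
                   if lt == RDP_LOGON_TYPE and src not in vpn_pool})

def accounts_to_lock(events, threshold=5, window_seconds=600):
    """Accounts with >= threshold failed RDP logons inside a sliding window,
    mapped to the source that tripped the threshold (for the IT alert)."""
    recent, flagged = defaultdict(deque), {}
    for ts, event_id, account, src, logon_type in events:
        if event_id != "4625" or logon_type != RDP_LOGON_TYPE:
            continue
        q = recent[account]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # expire old failures
            q.popleft()
        if len(q) >= threshold and account not in flagged:
            flagged[account] = str(src)
    return flagged
```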