Friday, September 28, 2018

FBI ALERT: 9/27/18

I-092718-PSA "RDP Warning needs to be heeded".

Questions regarding this PSA should be directed to your local FBI Field Office.

Local Field Office Locations: www.fbi.gov/contact-us/field.  

ISSUE: Use of Remote Desktop Protocol as an attack vector has been on the rise since mid-2016

RDP, or Remote Desktop Protocol, is being exploited by attackers to conduct malicious activity, the FBI warns in its public service announcement of September 27th, 2018.  Members, clients and others are advised to reach out to their local FBI Office for information concerning this public service announcement.

Definitions:  Remote Desktop Protocol (RDP) is a proprietary network protocol that allows an individual to control the resources and data of a computer over the Internet. This protocol provides complete control over the desktop of a remote machine by transmitting input such as mouse movements and keystrokes and sending back a graphical user interface. In order for a remote desktop connection to be established, the local and remote machines need to authenticate via a username and password. Cyber actors can infiltrate the connection between the machines and inject malware or ransomware into the remote system. Attacks using the RDP protocol do not require user input, making intrusions difficult to detect.

Some Suggestions For Protection:

  1. Audit your network for systems using RDP for remote communication
  2. Verify all cloud-based virtual machine instances with a public IP do not have open RDP ports, specifically port 3389, unless there is a valid business reason to do so.  Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access it through a firewall.
  3. Apply two-factor authentication, where possible
  4. Apply system and software upgrades regularly
  5. Maintain a good back-up strategy
  6. Enable logging and ensure logging mechanisms capture RDP logins.  Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.

For additional recommendations, see the PSA.
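One way to carry out the log review in suggestion 6, as an added example that is not taken from the PSA: it scans an exported list of logon events for bursts of failed RDP logins from one source, for successful logins that follow such a burst, and for a log history shorter than 90 days. The CSV column names, the sample records and the burst threshold are assumptions made for this illustration.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export of Windows Security log records (column names are
# hypothetical). 4624 = successful logon, 4625 = failed logon; LogonType 10 is
# RemoteInteractive (RDP). Hosts using Network Level Authentication may record
# RDP attempts as LogonType 3, so extend RDP_TYPES to match your environment.
SAMPLE = """\
TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2018-06-20T08:00:00,4624,10,jsmith,10.0.5.12
2018-09-26T02:14:01,4625,10,administrator,203.0.113.50
2018-09-26T02:14:09,4625,10,administrator,203.0.113.50
2018-09-26T02:14:17,4625,10,admin,203.0.113.50
2018-09-26T02:14:25,4625,10,backup,203.0.113.50
2018-09-26T02:14:33,4625,10,backup,203.0.113.50
2018-09-26T02:15:02,4624,10,backup,203.0.113.50
2018-09-26T09:00:00,4625,10,jsmith,10.0.5.12
2018-09-26T09:00:20,4624,10,jsmith,10.0.5.12
2018-09-26T09:05:00,4624,3,svc_file,10.0.5.30
"""
RDP_TYPES = {"10"}
FAILED, SUCCESS = "4625", "4624"

def review_rdp_logins(csv_text, now, fail_threshold=5,
                      window=timedelta(minutes=10), retention_days=90):
    """Flag failed-logon bursts, logons that follow them, and short log history."""
    events = list(csv.DictReader(io.StringIO(csv_text)))
    for e in events:
        e["ts"] = datetime.fromisoformat(e["TimeCreated"])
    events.sort(key=lambda e: e["ts"])
    oldest = events[0]["ts"] if events else now
    report = {"retention_ok": (now - oldest).days >= retention_days,
              "burst_sources": [], "success_after_burst": []}
    fails = defaultdict(list)            # source IP -> failure times inside window
    for e in events:
        if e["LogonType"] not in RDP_TYPES:
            continue                     # not an RDP logon
        ip, ts = e["IpAddress"], e["ts"]
        if e["EventID"] == FAILED:
            fails[ip] = [t for t in fails[ip] if ts - t <= window] + [ts]
            if len(fails[ip]) >= fail_threshold and ip not in report["burst_sources"]:
                report["burst_sources"].append(ip)
        elif e["EventID"] == SUCCESS and ip in report["burst_sources"]:
            report["success_after_burst"].append((ip, e["TargetUserName"], e["TimeCreated"]))
    return report

if __name__ == "__main__":
    print(review_rdp_logins(SAMPLE, now=datetime(2018, 9, 28)))
```

A successful login listed under `success_after_burst` is the record to investigate first; a `retention_ok` of `False` means the export does not reach back the 90 days the suggestion calls for.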

Friday, September 21, 2018

Integris Security LLC update.

Good afternoon all.  Effective 9-21-18 our web site has been transitioned and placed back into the public space for all to view.

We continue to focus on three main industries:


Take a look around.  It's new, so not too much is in place yet.  But we wanted to get it out to our clients, friends and family.

MIRAI BOTNET

Strange bedfellows with U.S. FBI

The threats and vulnerabilities are coming at industry and government fast and furiously, with each new day springing something new.  This past week we participated in a conference call re: Mirai Botnet Authors wherein we learned the FBI is now working with cyber crooks to learn methods and operations so that the FBI can be as effective as possible in their national security mission.  That these cyber crooks can't be trusted was the commonly held belief of all on the call.  The FBI needs to tread carefully when putting these resources to use and carefully balance the national security needs of our nation with common criminals.

Our new web site hosts a number of our services, but like most days we focus on what's in front of us and how we may be of assistance to our clients.  Happy navigating, and we hope to make our web site and social media interesting.

#cybersecurity  #integrissecurity  #Miraibotnet  #smallbusiness   #healthcare  #financialservices

Monday, September 17, 2018






WELCOME

Welcome and yes we are back!  Our target is our clients, our prospects, our friends and family in the industry.  We are passionate about assessing risk, we run deep in security issues and also like to take some time to laugh as well.  We hope each of you enjoys the blog and contributes.

Risk and security discussions start at the top of every organization.  This isn't just jargon.  It is serious, and when reading our blog you'll keep this in mind as you read along.  The CEO is the chief risk/security evangelist for your organization.  While we all love to laugh and make light of some things, in earnest we all need to focus when it comes to risk and security.  If the CEO isn't talking about risk and security then it just hasn't become a priority for your organization, and your board of directors needs to bring him/her in and explain the priorities for your organization.  We point in earnest to your audit committee and its chairperson.  If things go wrong, and they will in even the best organizations, the chair of the board of directors' audit committee will be the first person interviewed.

If you're like us and become aware of an issue, a solution, a best practice or new application and/or free or pay-for tools that you just couldn't let slip by, let us know.  If you'd like to be considered for a guest blog entry, keep this in mind: one focused topic, 400 words tops.  Email us at: info@integrissecurity.com.  We know everyone has access to some cool graphics which help in understanding the concepts and theories being put forward, so choose carefully and send it along.  Our focus is to explain issues as simply as possible and to have the graphics bring the point home.  The aha moment.

SOCIAL MEDIA

Did someone say social media?  In the past we have put our toe in the water with social media.  We plan to go full throttle with social media and may even add to our current setup.  So on our web site you'll see Facebook, LinkedIn, Twitter and of course this Google+ Blogger Blog.  We may expand on this and add YouTube if we think it brings additional value.  We think that we need to bring everyone the full impact of the web via our associated media outlets.  If you want to be part of this and share your wisdom let us know.  Email us: info@integrissecurity.com.

Thanks everyone and welcome back.