If you’ve been following the news, it seems like a major corporation is being attacked every other day. In light of these recent events, here are a few things these corporations could have done to prevent the attacks.
Strict Zoning Controls
The recent breaches allegedly originated in Russia. The question, however, is why hackers in Russia were able to reach corporate remote desktop tools at all.
According to Verizon Enterprise’s yearly Data Breach Investigations Report, 30% of attacks in 2013 were attributed to China, 28% to Romania, and 5% to Russia. Similarly, in 2014, 75% of attacks originated in Eastern Europe and Asia. Judged by source address, then, the vast majority of attacks reach U.S. companies from abroad.
Though not possible for all corporations, companies that deal only in certain countries should limit access to their corporate and payment processing systems to those countries. Backend and critical systems that deal with consumer data should be accessible only from within the country of their operation, or through authorized networks (i.e. the networks of authorized offshore offices). One caveat: a source address only tells you where the last hop is. Attackers routinely route through compromised machines or rented servers inside the target country, so geographic restrictions raise the cost of an attack rather than stop it, and they do nothing against attacks that are U.S. based. Still, many of the recent attacks were foreign in origin and came straight from foreign addresses, and those could have been blocked.
Careful Network Monitoring
The Backoff malware that is considered to be the culprit behind all of these attacks sent the card data it captured out to a remote command-and-control server on a periodic schedule. A point-of-sale system has a very short list of hosts it legitimately needs to talk to (the payment processor, internal DNS and time servers, a patch server), so by monitoring the connections their payment systems make and comparing them against that list, companies can make sure that there are no unauthorized network connections. Regular connections to an unknown external address are exactly the pattern a beaconing implant produces.
The firewall should enforce the same list: a default-deny egress rule for the payment segment, with only the processor’s endpoints allowed out, would have stopped the exodus of data from within the network to remote servers even after the malware was installed.
Segregating Payment Networks
Companies should separate their payment processing systems from other, unrelated networks. By applying an Access Control List (ACL) on their routers, they can limit traffic between segments to what is necessary and make sure that only authorized connections reach the payment network. Separation of networks also makes it easier to monitor the critical systems for unauthorized use, because anything crossing the segment boundary that is not on the list is suspect by definition.
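As an added example (this is not code from the original post), the following Python script applies the two controls above to flow records of the kind a firewall or NetFlow export produces: an egress allowlist for the POS segment, which is the same policy a router ACL or egress firewall rule would enforce, and a check for the evenly spaced connections a beaconing implant makes. The segment, the allowed destinations, the sample flow lines and the 45-minute interval are all constructed for illustration; nothing here is taken from Backoff samples.

```python
"""Flag unauthorized and beacon-like egress from a payment (POS) segment.

Added example; all addresses, the policy table and the flow records below are
constructed for illustration, not taken from any real network or malware.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed policy: the POS segment and the only destinations it may reach.
POS_SEGMENT = ip_network("10.20.0.0/24")
ALLOWED_EGRESS = {
    # (destination network, destination port)
    (ip_network("203.0.113.10/32"), 443),  # payment processor gateway (constructed)
    (ip_network("10.10.0.0/24"), 53),      # internal DNS
    (ip_network("10.10.0.0/24"), 123),     # internal NTP
}

# Constructed flow log: "<iso time> <src> <dst> <dport> <bytes>"
SAMPLE_FLOWS = """\
2014-08-01T10:00:00 10.20.0.15 203.0.113.10 443 2048
2014-08-01T10:00:03 10.20.0.15 10.10.0.5 53 120
2014-08-01T10:00:00 10.20.0.21 198.51.100.77 443 5120
2014-08-01T10:00:12 10.20.0.15 203.0.113.10 443 1980
2014-08-01T10:45:01 10.20.0.21 198.51.100.77 443 5210
2014-08-01T11:30:00 10.20.0.21 198.51.100.77 443 5090
2014-08-01T12:15:02 10.20.0.21 198.51.100.77 443 5150
2014-08-01T13:00:00 10.20.0.21 198.51.100.77 443 5170
2014-08-01T13:44:59 10.20.0.21 198.51.100.77 443 5100
2014-08-01T13:50:00 10.20.0.33 10.10.0.5 123 76
"""


def parse_flows(text):
    """Parse the constructed log format into (time, src, dst, dport, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, dport, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), ip_address(src),
                      ip_address(dst), int(dport), int(nbytes)))
    return flows


def is_authorized(dst, dport):
    """True if the destination/port pair is on the egress allowlist."""
    return any(dst in net and dport == port for net, port in ALLOWED_EGRESS)


def unauthorized_egress(flows):
    """POS hosts talking to anything not on the allowlist (what an ACL would drop)."""
    seen = set()
    for _, src, dst, dport, _ in flows:
        if src in POS_SEGMENT and not is_authorized(dst, dport):
            seen.add((str(src), str(dst), dport))
    return sorted(seen)


def beacon_candidates(flows, min_connections=5, max_jitter=0.1):
    """Flag (src, dst, dport) pairs whose inter-arrival times are nearly constant.

    A coefficient of variation (stdev / mean of the gaps) below max_jitter over
    at least min_connections connections is the signature of a timed check-in.
    Returns [((src, dst, dport), mean_gap_seconds), ...].
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        by_pair[(str(src), str(dst), dport)].append(ts)
    results = []
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            results.append((pair, round(avg)))
    return results


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("unauthorized egress:", unauthorized_egress(flows))
    print("beacon candidates:  ", beacon_candidates(flows))
```

Run against the constructed data, both checks point at the same host: 10.20.0.21 talks to 198.51.100.77 on 443, which is not on the allowlist, and it does so every 2700 seconds with almost no jitter. The allowlist check is the one to enforce in the ACL; the beacon check is the one to run over logs, because it also catches a C2 server that happens to sit behind an allowed port.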
Securing Remote Desktop Systems
The common entry point in all of these attacks was the companies’ remote desktop solutions, exposed directly to the Internet. The hackers got into the companies’ systems by brute forcing, that is, repeatedly guessing, their way into the remote desktop logins.
To prevent this, companies should configure their remote desktop systems so that accounts are locked after a small number of incorrect login attempts. On Windows this is the Account Lockout Policy in Group Policy (or `net accounts /lockoutthreshold:5` from an elevated prompt), and the same policy should cover local administrator accounts, which are the ones most often guessed. Changing the default listening port (the PortNumber value under `HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp`) raises the effort slightly, but a port scan finds the new port in seconds, so it is a nuisance for attackers rather than a control. The stronger fix is not to expose remote desktop to the Internet at all: put it behind a VPN or a remote desktop gateway, require Network Level Authentication, and restrict the source networks that may connect, as described under zoning above.
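As an added example (not code from the original post), this Python script shows what the brute-force pattern described above looks like in the Windows Security log and how to detect it, applying the same threshold-and-window logic the account lockout policy uses, and it applies the zoning control from the first section by flagging any remote desktop logon from outside the authorized source networks. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values; the one-line record format, the accounts, the addresses and the AUTHORIZED_SOURCES list are constructed for illustration.

```python
"""Detect RDP brute force and out-of-zone logons in constructed Windows events.

Added example. Event IDs 4625/4624 and logon type 10 are real Windows values;
the record format, accounts, addresses and authorized networks are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed zoning policy: the only networks RDP logons may come from.
AUTHORIZED_SOURCES = [
    ip_network("10.0.0.0/8"),     # internal
    ip_network("192.0.2.0/24"),   # offshore office VPN egress (constructed)
]

# Constructed events: "<iso time> <event id> <account> <logon type> <source ip>"
SAMPLE_EVENTS = """\
2014-08-01T02:00:00 4625 administrator 10 198.51.100.23
2014-08-01T02:00:01 4625 administrator 10 198.51.100.23
2014-08-01T02:00:02 4625 administrator 10 198.51.100.23
2014-08-01T02:00:03 4625 administrator 10 198.51.100.23
2014-08-01T02:00:04 4625 administrator 10 198.51.100.23
2014-08-01T02:00:05 4625 administrator 10 198.51.100.23
2014-08-01T02:00:06 4624 administrator 10 198.51.100.23
2014-08-01T09:15:00 4625 jsmith 10 10.1.4.20
2014-08-01T09:15:40 4624 jsmith 10 10.1.4.20
2014-08-01T11:00:00 4624 svc_pos 10 192.0.2.7
"""

FAILED_LOGON, SUCCESS_LOGON, RDP_LOGON_TYPE = 4625, 4624, 10


def parse_events(text):
    """Parse the constructed record format into dicts, normalizing account case."""
    events = []
    for line in text.splitlines():
        ts, eid, account, ltype, src = line.split()
        events.append({"time": datetime.fromisoformat(ts), "id": int(eid),
                       "account": account.lower(), "logon_type": int(ltype),
                       "src": ip_address(src)})
    return events


def brute_force_accounts(events, threshold=5, window=timedelta(minutes=30)):
    """Accounts with >= threshold failed RDP logons inside a sliding window.

    This approximates the lockout policy's "threshold within observation
    window" rule. Returns {account: time the threshold was first crossed}.
    """
    recent = defaultdict(deque)
    tripped = {}
    for ev in events:
        if ev["id"] != FAILED_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        q = recent[ev["account"]]
        q.append(ev["time"])
        while q and ev["time"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and ev["account"] not in tripped:
            tripped[ev["account"]] = ev["time"]
    return tripped


def success_after_failures(events, tripped):
    """Successful logons on an account after it tripped: the signature of a guessed password."""
    return [(ev["account"], str(ev["src"]), ev["time"].isoformat())
            for ev in events
            if ev["id"] == SUCCESS_LOGON and ev["account"] in tripped
            and ev["time"] >= tripped[ev["account"]]]


def out_of_zone_logons(events):
    """Any RDP logon attempt, failed or not, from outside AUTHORIZED_SOURCES."""
    return sorted({(ev["account"], str(ev["src"])) for ev in events
                   if ev["logon_type"] == RDP_LOGON_TYPE
                   and not any(ev["src"] in net for net in AUTHORIZED_SOURCES)})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    tripped = brute_force_accounts(evs)
    print("brute forced:", tripped)
    print("then succeeded:", success_after_failures(evs, tripped))
    print("out of zone:", out_of_zone_logons(evs))
```

With the default threshold of five, the administrator account trips at the fifth failure and the sixth is never attempted on a locked-out account, so the success that follows in the constructed data is the event a lockout policy would have prevented. The out-of-zone check catches the same attacker one step earlier, at the first attempt, because 198.51.100.23 is not an authorized source; with the zoning control in place that connection never reaches the logon prompt.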
By following these practices and paying closer attention to the difference between authorized and unauthorized access, at the network boundary as well as at the login prompt, many of the recent breaches and the resulting theft of credit card numbers could have been prevented.