Lancaster County School District has unfortunately been the victim of a computer intrusion which may involve the loss of personal and private information of over 25,000 students and employees.
Here’s a snippet of what’s been sent to the possible victims: “… hackers have captured keystrokes from district computers and figured out district passwords for the State Systems that store the district’s student and employee information. This kind of hacking is not something a person could find just surfing on the internet. It could be done only by skilled computer technicians who were purposely trying to capture this information.”
Their observation that it could only have been done by a “skilled computer technician” is only partially correct. It is true that creating the type of malware used to capture the School District’s passwords requires substantial programming skill. Sadly, with the industrialization of cybercrime, the attacker no longer needs that skill: all you have to do is buy or rent a malware or crimeware toolkit, and it is very easy to deploy. These toolkits are readily available in some of the darker corners of the internet for as little as a few thousand dollars; call it “cybercrime in a box”. This explains why we see a rise in this kind of attack and why it is being used against ever smaller organizations.
What steps can we take to prevent this kind of thing from happening to us?
Security awareness should be a staff priority. The point of entry for these attacks is often an email or a web link you or your staff may be enticed into clicking. Awareness of these tactics is your first line of defense.
Keep your operating system and applications up to date with the most recent security updates. The great majority of these exploits take advantage of known and already patched weaknesses. If you are current, the malware has nothing to leverage and can’t be installed.
Restrict computer rights to the minimum needed for the job at hand. Few people install software on their computer every day, yet most small businesses allow users to have complete administrative access. This makes a bad guy’s job very easy, because they can install anything they want. Restricted or limited access takes this capability away from them.
Employ some form of real-time web filtering and blocking. In order to thwart anti-virus software, the crimeware toolkits change their “signatures” several times a day. If you are not getting real-time updates, your AV software is looking for what the malware used to be, not what it is now. This type of protection is best deployed on your server, firewall or DNS. We prefer the DNS level.
Make sure your anti-virus is up to date. Even though the more sophisticated attacks use polymorphic code to hide their intentions, not all go to this extent. Give your AV software a fighting chance and make sure it gets a new signature file every day. Also make sure you run a full disk scan every night. That way, even if your AV didn’t know about something when you contracted it, it may be able to find it after the fact. Better to know, even if it is a little late.
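Three of the steps above (current patches, restricted administrative rights, and fresh anti-virus signatures with a nightly full scan) can be checked on each Windows machine with a short script. The following is an added example, not code from the original post: it assumes Windows 10 / Server 2016 or later with Microsoft Defender and the built-in LocalAccounts module, and the approved-administrator list and day thresholds are placeholders to adjust for your own environment.

```powershell
# Added example (not from the original post): an endpoint hygiene check for a
# small-business Windows machine covering patch currency, local administrator
# membership, and anti-virus signature/scan age.
# Assumptions: Windows 10 / Server 2016+ with Microsoft Defender; $ApprovedAdmins
# and the *Days thresholds are placeholders, not values from the post.

$ApprovedAdmins  = @("BUILTIN\Administrator", "CORP\IT-Admins")  # placeholder allow list
$MaxPatchAgeDays = 30
$MaxSigAgeDays   = 1
$MaxFullScanDays = 1
$findings = @()

# 1. Patch currency: how long since the most recent update was installed?
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
             Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch -or ((Get-Date) - $lastPatch.InstalledOn).Days -gt $MaxPatchAgeDays) {
    $findings += "No update installed in the last $MaxPatchAgeDays days (last: $($lastPatch.InstalledOn))"
}

# 2. Least privilege: who is in the local Administrators group beyond the approved list?
$admins = Get-LocalGroupMember -Group "Administrators"
foreach ($m in $admins) {
    if ($ApprovedAdmins -notcontains $m.Name) {
        $findings += "Unexpected local administrator: $($m.Name) ($($m.ObjectClass))"
    }
}

# 3. Anti-virus: is real-time protection on, are signatures fresh, and did a full scan run?
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) {
    $findings += "Real-time protection is disabled"
}
if ($mp.AntivirusSignatureAge -gt $MaxSigAgeDays) {
    $findings += "AV signatures are $($mp.AntivirusSignatureAge) days old (updated $($mp.AntivirusSignatureLastUpdated))"
}
# FullScanAge is very large when no full scan has ever run, so that case is reported too.
if ($mp.FullScanAge -gt $MaxFullScanDays) {
    $findings += "Last full scan was $($mp.FullScanAge) days ago"
}

if ($findings.Count -eq 0) {
    Write-Output "OK: patches current, Administrators group as expected, AV signatures and full scan within thresholds"
} else {
    Write-Output "FINDINGS on $($env:COMPUTERNAME):"
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

Run it from an elevated PowerShell prompt on each workstation, or push it through a scheduled task, and treat any line under FINDINGS as something to fix before it becomes the foothold for the kind of keystroke-capturing malware described above.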