Response to Growing Cryptoware Threat
-
So, when do we disable or go to pure white list email to combat these emails?
Change our business cards to include only our phone number and possibly our IT department's contact for other types of access, like email, so your IT department can add them and their IP to the white list... Of course this kills the little guy who uses free services like Google or outlook.com, etc.
-
Instead of whitelisting, why not block attachments and automatic link detection? Those are the only real vectors, right? Isn't it only the attempt to use email as more than it was designed for (primarily as a file server) that is the root of these issues?
Lots of businesses do actually whitelist and it is incredibly annoying for them and for their business partners and is not very effective. But removing the ability to infect through email is pretty trivial.
-
You could implement a human validation system. I know companies that have done this. Any remotely suspect email that passes spam and malware filters goes to a human to vet. That human is not emotionally tied to the email (can't be swayed by a fake job offer or a fake contest or Nigerian prince scam) and can be very trained and selected based on their ability to reasonably filter email.
Expensive but.... Safe and effective.
-
Another question that I have (and I will make a thread around this when I return from picking up dinner for the family) is why do so many companies have file share level exposures? The effectiveness of these attacks is directly dependent on a form of access that, I feel, is rarely appropriate or needed beyond access to a single, local machine.
-
@scottalanmiller said:
Another question that I have (and I will make a thread around this when I return from picking up dinner for the family) is why do so many companies have file share level exposures? The effectiveness of these attacks is directly dependent on a form of access that, I feel, is rarely appropriate or needed beyond access to a single, local machine.
Exposure how, to the internet?
-
@Dashrender said:
@scottalanmiller said:
Another question that I have (and I will make a thread around this when I return from picking up dinner for the family) is why do so many companies have file share level exposures? The effectiveness of these attacks is directly dependent on a form of access that, I feel, is rarely appropriate or needed beyond access to a single, local machine.
Exposure how, to the internet?
Exposure to files via protocols like SMB. Why the need for file protocol exposure?
-