If your business uses computers (and whose doesn’t?), you’re under attack. I don’t mean the “click here to change your password” messages littering your junk mail folder, but rather “I am hunting your company and looking for any sign of weakness.”
Realizing you and your company are being targeted helps you better prepare your defence.
The first step is to review what is happening on your systems and use that data to identify suspicious behaviours. Places to look include:
· Windows event logs
· Changes to files and system configuration on your computer systems
· Authentication logs
· Firewall logs
You will likely need to rope in your IT staff to help you with this, but linking business acumen with IT know-how allows you to see what may be under attack.
The next step is to work with peer companies to pool your efforts to combat these attacks. It is likely the hackers going after you are also targeting similar companies. Finding out what your trusted peers or even competitors are experiencing helps keep everyone safe.
Once you have the data from your company, and hopefully from other similar organizations, think about the adversary’s actions in a broader way to understand what they are after. Do some research if you are unsure of what a behaviour is targeting. You should be able to summarize the hacker’s tactics as
- what they are trying to get, and
- which door or window they are trying to come in through.
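The log review and the “what do they want, which door are they trying” summary above can be turned into a small, repeatable check. The following is an added example, not code from the original post: it parses a few constructed OpenSSH-style authentication log lines (documentation IP ranges, an assumed year of 2024 since syslog timestamps carry none), flags a source that fails to log in repeatedly within a short window, notes whether a successful login followed, and labels the finding with the ATT&CK tactic and technique it corresponds to (Credential Access, T1110 Brute Force). The threshold and window values are assumptions to tune for your own environment; Windows event logs or firewall logs would need their own parsers but the same grouping-and-labelling idea applies.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines for illustration (not real logs). OpenSSH/syslog-style format.
SAMPLE_LOG = """\
Mar  3 08:01:11 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 08:01:13 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
Mar  3 08:01:15 host1 sshd[2102]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar  3 08:01:17 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 50125 ssh2
Mar  3 08:01:19 host1 sshd[2104]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar  3 08:01:40 host1 sshd[2105]: Accepted password for root from 203.0.113.7 port 50127 ssh2
Mar  3 08:15:02 host1 sshd[2150]: Failed password for alice from 192.0.2.20 port 41000 ssh2
Mar  3 08:15:30 host1 sshd[2151]: Accepted password for alice from 192.0.2.20 port 41001 ssh2
"""

# Syslog lines have no year; assumed value for the example.
ASSUMED_YEAR = 2024

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"\S+\s+sshd\[\d+\]:\s+(?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line):
    """Return a dict for an sshd password-auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(
        f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
    )
    return {"time": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def analyze(log_text, threshold=5, window=timedelta(seconds=60),
            success_lag=timedelta(minutes=10)):
    """Flag sources with >= threshold failed logins inside `window`.

    Each finding records what the adversary went after (the accounts), which door
    they tried (the source address and service), whether a login succeeded shortly
    after the burst, and the ATT&CK tactic/technique the behaviour maps to.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        failures = [e for e in evs if e["result"] == "Failed"]
        # Sliding window: keep the largest run of failures that fits inside `window`.
        start, burst = 0, []
        for end in range(len(failures)):
            while failures[end]["time"] - failures[start]["time"] > window:
                start += 1
            if end - start + 1 > len(burst):
                burst = failures[start:end + 1]
        if len(burst) < threshold:
            continue
        burst_end = burst[-1]["time"]
        # A success from the same source soon after the burst raises the severity.
        success = next(
            (e for e in evs if e["result"] == "Accepted"
             and burst_end <= e["time"] <= burst_end + success_lag),
            None,
        )
        findings.append({
            "source": src,                       # which door/window
            "service": "sshd",
            "accounts": sorted({e["user"] for e in burst}),  # what they want
            "failures": len(burst),
            "first": burst[0]["time"],
            "last": burst_end,
            "followed_by_success": success is not None,
            "tactic": "Credential Access",       # ATT&CK tactic
            "technique": "T1110 Brute Force",    # ATT&CK technique
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

Running the block on the constructed lines reports one finding for 203.0.113.7 (five failures against admin and root, followed by an accepted login) and nothing for 192.0.2.20, whose single failure is ordinary user error. The same output, fed into a shared spreadsheet or ticket, is the kind of concrete observation worth comparing with peer companies.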
Armed with an understanding of what the adversary is after, you can now formulate a plan to stop them from getting it. The prevention solutions are as varied as the types of attacks; one size does not fit all. Focus on what you need to keep your company safe rather than generic “fix all” tools that are often expensive and ineffective.
If you want to do a deeper dive on this subject, Mitre.org has extensive information on how the ATT&CK framework can be used in your organization.