Will Oram, 13 tweets, 3 min read
1/ If you are walking into work today worried about how to defend against the cyber threat posed by Iran, @jepayneMSFT's tweet still holds as true as ever: focus on defending against Emotet and the ransomware attacks being launched from it.
2/ A security improvement programme focused on defending against Emotet, with only 3-6 months of sustained effort, could significantly improve your company's ability to defend against destructive ransomware attacks and more sophisticated attacks.
3/ How could you do this? Use recent examples of catastrophic ransomware attacks to tell a story to senior leadership justifying the urgency of improving security now; pull together a team of your best people from your security and IT teams; get a whiteboard and people in a room;
4/ Build an action plan of what you can achieve over the next 30/60/90 days; focus on tasks which will have a direct impact on rapidly reducing risk and increasing difficulty to an attacker; execute at pace with sprints, ensure accountability, be open to changing plans
5/ Get senior leadership buy-in to drive rapid change in the IT environment; get a Red Team to work collaboratively with you to help you identify vulnerabilities, validate that these have been fixed and demonstrate the impact you are making.
6/ Why do this now? Recent examples show that it is only a matter of time before ransomware will cripple your business if you haven't implemented fundamental security controls. Implementing these controls is challenging but achievable.
7/ How can you make an impact both against state-sponsored attacks and Emotet? There is currently a significant convergence between the tools and techniques of cyber crime groups, red teams and many state-sponsored attackers - this is a great opportunity to exploit.
8/ Where to start? Focus on the basics: make it more difficult for an attacker to phish an employee, run malware on a workstation, gain administrator privileges and get the access required to move laterally around your environment.
9/ Worth having a look at some of the cool Emotet honeypot work @GossiTheDog is doing - some great insights here; map out the kill chains of these attacks (with MITRE ATT&CK) and work out the key controls you can apply at each stage to prevent and detect an attacker's actions.
10/ Key areas of focus - prevent malicious payloads being delivered via phishing; restrict what can be executed on endpoints (inc. scripts); upgrade endpoints to Windows 10 and use built-in security features; segment endpoints away from the corporate network
11/ protect domain admin accounts; lock down accounts in local admin groups and set strong passwords on default local admin accounts; set strong passwords on service accounts; patch internal RCE vulnerabilities; uplift detection and response capabilities (try EDR); test backups
12/ Also, whilst not strictly related, this deserves its own tweet: make sure you have deployed multi-factor authentication on all your externally accessible services (this is achievable even in large orgs in < 90 days by mobilising significant resources).
13/ Get in touch if you want to chat more about how to get this off the ground, gain support and build momentum - more than happy to chat