3) No (sufficient) network segmentation
Don't put your domain controller right next to your users' computers. 🕸️ #NetworkSegmentation
4) No (or insufficient) patching
How are your systems updated? Are they updated at all? Focus on internet-facing systems! 🩹 #Patching
5) Using Software, OS, or Hardware in EOL state
"Yeah we still have not gotten around to updating the DC from Win2003." ⚰️ #EOL
6) Insufficient Logging
GDPR is often used as a scapegoat, but there are GDPR-friendly logging solutions! 📜 #Logging
7) No or insufficient CMDB / asset-management
"Oh that system is still there?" 🌚 #shadowIT
8) Unsigned Office macros allowed
While we are almost too scared to suggest it: Disable unsigned macros if your C-level lets you 🗄️ #OfficeMacros
This is, of course, not a complete list (additions are welcome). However, if all of these points are addressed, most common ransomware gangs won't like it a bit.