Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
Joint Cybersecurity Advisory Issued by Australia, Canada, New Zealand, the UK and the US
October 6, 2020
On September 1, the cybersecurity authorities of Australia, Canada, New Zealand, the United Kingdom, and the United States issued a joint advisory highlighting technical approaches to uncovering malicious cyberactivity, with suggested mitigation practices. One suggestion is to analyze data in various ways to identify normal traffic patterns, so that anomalous activity is more easily identified.
The advisory lists investigative steps to help identify suspicious activity. These include identifying file names that suggest data exfiltration, watching for new connections on previously unused ports, and detecting unauthorized connections to known threat indicators. The document highlights common mistakes in handling security incidents, warning against some immediate responses that might result in adverse consequences. For instance, you want to avoid tipping off threat actors (which might make them cover their tracks or take more serious actions such as activating ransomware) and changing data that might have helped analyze an attack.
The 14-page document highlights recommended investigation and remediation processes. These are divided into general mitigation guidance and pre-incident best practices. Best practices include defensive techniques and programs to make it more difficult for a threat actor to get persistent, undetected access to a network. Knowing that no single technique, program, or set of defensive techniques or programs will completely prevent attacks, the advisory recommends a layered approach with multiple defensive techniques and programs to provide a complex barrier to entry, increase the likelihood of detection, and decrease the likelihood of a successful attack.
Fourteen pages makes for relatively light reading. Coffee will help.
HT to Dave Ries.
Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson