Given the recent geo-political uncertainty, Cyber security professionals need to prepare for a continued uptick in threat activity. Instances have already been reported. For example, Check Point Research (CPR) teams encountered an upsurge of distributed denial of service (DDoS) attacks, some of them carried by IoT botnets such as Mirai. We’ve also seen evidence of wiper tools used to take down machines.
The interconnected nature of the global markets and systems introduces the possibility that targeted attacks could impact systems in companies and organizations that are located outside of countries involved in geopolitical activity. In all cases of increased risk, it is imperative that information technology teams maintain contact with local and national law enforcement and follow advisories from threat intelligence services and Computer Emergency Response Teams (CERTs).
The following recommendations are intended to provide a set of initial best practices that are relevant to multiple potential attack vectors.
Protection against DDoS attacks
Check Point Quantum gateways provide a number of capabilities that can be used to mitigate the impacts of DDoS attacks. These include specialized Intrusion Prevention signatures, operating system and gateway configuration settings, management automated responses as well as commands for dynamically blocking attack sources. Information on such settings is available via Check Point Support Center.
Additionally, Check Point provides a dedicated DDoS mitigation solution. DDoS Protector and DDoS Protector Cloud Service are part of Check Point Quantum Network security solutions. DDoS Protector is a perimeter attack mitigation device that secures organizations against emerging network and applications threats. DDoS Protector protects the infrastructure against network and application downtime (or slow time), application vulnerability exploitation, malware spread, network anomalies, information theft and other types of attacks.
Prevent ransomware and wipers
Check Point’s Infinity Architecture provides protection against ransomware and wipers, and other types of malicious software, via the company’s threat prevention solutions.
- Gateways: configure IPS to prevent and not just detect attacks using recommended policies. Taking a prevent-first approach increases defense profiles significantly and simplifies future remediation activities. Check Point IPS protects against the most relevant attack vectors known to spread ransomware and wipers.
- Review gateway, management and threat prevention configurations to maximize protection and performance. This could include optimizing threat prevention policy and activating HTTPS Inspection on relevant traffic. Consult with Check Point experts, the company’s online knowledge base and User Community for best practice information.
- Deploy Check Point Harmony Endpoint and Check Point Anti Ransomware on user devices. Doing so will add an additional layer of protection.
- Minimize exposure with continuous data backups and systems’ patching
Misinformation and phishing
We should expect threat actors to employ traditional and novel forms of social engineering. These could include emails and text messages that lure victims to malicious sites or to download files with embedded attacks. It therefore is imperative to:
- Reiterate Cyber Awareness and Education to your employees.
- Prevent zero-phishing attacks on emails, endpoints and mobile devices with Check Point Anti-Phishing
- Activate threat emulation and extraction protections in Check Point Quantum and Check Point Harmony offerings
- Leverage the Zero Phishing capabilities of Check Point Harmony Endpoint
Protect remote employees
In our current hybrid work environment, it is important to provide remote employees with secure access to corporate resources. Check Point provides multiple solutions for protect remote employees, including:
- Check Point Harmony Connect, which leverages protections at the edge to block malicious attacks
- Check Point Harmony Endpoint and Mobile, which block a wide array of advanced attacks on user devices
The Check Point research teams are monitoring threat events continuously and will provide additional recommendations as more actionable intelligence becomes available.