
Ransomware Beware
Part 2: Principle of Least Privilege

May 14, 2020

Finally – part 2 of the long-time coming Ransomware Beware Blog! Sorry for the delay folks – COVID-19 doesn’t discriminate.

Access: Ransomware most commonly enters an environment through a phishing scam, where a user within the corporate network gets duped into clicking a link or downloading a file that starts scanning and encrypting every file that user has access to, specifically write access. There is a lot of content out there on user awareness training, “don’t click the link” FUD, and email filtering. GREAT start, but if it were the silver bullet my LinkedIn wouldn’t be splattered with new ransomware attacks on a daily basis.

“The definition of insanity is doing the same thing over and over and expecting different results.” – Albert Einstein

Principle of Least Privilege: There is another way to limit the attack surface of a ransomware attack, and that’s called the principle of least privilege. The Cybersecurity & Infrastructure Security Agency (CISA) defines it as “only the minimum necessary rights should be assigned to a subject that requests access to a resource and should be in effect for the shortest duration necessary.” By resource we are referring to files, folders, shares, all the places data is stored that, if encrypted, could cripple the organization.

To enforce the Principle of Least Privilege companies should:

  • Limit administrator account usage to tasks that actually require admin access
    • Every user, administrators included, should also have an account without administrative access for day-to-day work
  • Define user and group access to a piece of data based on what is needed to do the job
    • If a user needs to be able to read a document but will never modify it, don’t give them write access!
    • Be aware of group nesting, which can grant a user access to data they shouldn’t have access to.
  • Implement application whitelisting
    • Ransomware is usually delivered as an executable (.exe) file, and if the executable is not whitelisted the application will not be able to run.
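The group-nesting caveat above is easy to miss by eyeballing a share’s ACL, because the user who ends up with write access is never listed on the share directly. The following added example (not the author’s code or a Pulsar Security tool) resolves nested group membership against a constructed share ACL and flags every user whose effective permission exceeds what their job requires, showing the nesting chain that granted it. Group, user and share names are all made up for illustration.

```python
"""Audit effective share access through nested groups (constructed data only)."""
from collections import deque

# Constructed example: direct members of each group (user names or other group names).
GROUPS = {
    "Finance-Share-Write": {"Finance-Staff", "cfo"},
    "Finance-Share-Read": {"Auditors"},
    "Finance-Staff": {"asmith", "Interns"},   # a nested group slipped in here
    "Interns": {"jdoe"},
    "Auditors": {"rlee"},
}
# Constructed share ACL: group -> permission granted on the share.
ACL = {"Finance-Share-Write": "write", "Finance-Share-Read": "read"}
# What each person actually needs in order to do their job.
REQUIRED = {"cfo": "write", "asmith": "write", "jdoe": "read", "rlee": "read"}
RANK = {"read": 1, "write": 2}

def resolve_members(group, groups):
    """Return {user: chain} for every user reachable from group; chain is the nesting path."""
    found, queue, seen = {}, deque([(group, (group,))]), {group}
    while queue:
        name, chain = queue.popleft()
        for member in groups.get(name, ()):
            if member in groups:              # member is itself a group
                if member not in seen:        # guard against circular nesting
                    seen.add(member)
                    queue.append((member, chain + (member,)))
            else:
                found.setdefault(member, chain)
    return found

def effective_access(acl, groups):
    """Map each user to the strongest permission they hold and the chain that granted it."""
    result = {}
    for group, perm in acl.items():
        for user, chain in resolve_members(group, groups).items():
            if user not in result or RANK[perm] > RANK[result[user][0]]:
                result[user] = (perm, chain)
    return result

def excess_access(acl, groups, required):
    """List (user, granted, needed, chain) where effective access exceeds the job need."""
    findings = []
    for user, (perm, chain) in effective_access(acl, groups).items():
        need = required.get(user, "none")
        if RANK[perm] > RANK.get(need, 0):
            findings.append((user, perm, need, " -> ".join(chain)))
    return findings

if __name__ == "__main__":
    for f in excess_access(ACL, GROUPS, REQUIRED):
        print("EXCESS: %s has %s (needs %s) via %s" % f)
```

Against the sample data this reports only jdoe, who inherits write access to the finance share through Finance-Staff and Interns despite needing read only; the same walk works on membership pulled from a directory export.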

Enforcing the principle of least privilege is another layer for limiting the attack surface of ransomware spread through malware. These controls can be implemented manually (not recommended) or with free and enterprise software. Do your due diligence and figure out which path to enforcing these controls works best for you. If you aren’t addressing these areas today, I do recommend you start. It’s not if you get breached, but when!

Tim Connell

As Head of Enterprise Products for Pulsar Security, he guides the team in creating solutions which satisfy the needs of real-world customers, specializing in the areas of data management, storage network visibility, and enterprise security. Tim holds technical certifications as an Offensive Security Certified Professional (OSCP), CompTIA Network+, CompTIA Security+, GIAC Penetration Tester (GPEN), GIAC Web App Penetration Tester (GWAPT), and GIAC Python Coder (GPYC).