Cyber Threat Actors: Basic countermeasures to protect your organization against common cyber attacks




Jan 14, 2020


In these uncertain times, security and protection are more important than ever. It can often be overwhelming to know where to start. That’s why in this blog, we have gathered some basic countermeasures to protect your organization against common cyber attacks from cyber threat actors.

Read below to learn six basic countermeasures. But first –

What is a cyber threat actor?

A cyber threat actor is a person, group, or state that targets vulnerable access points to obtain user data. Threat actors look for known vulnerabilities or environments with low cybersecurity sophistication, then use them to gain unauthorized access to networks, devices on those networks, or stored data.

How can you protect against cyber threat actors? Below are basic countermeasures you can take to protect against this cyber threat.

1. Block and monitor outbound communications
Redhawk recommends blocking all outbound ports to the Internet unless needed for a business function. Ports that are needed for business functions, including encrypted traffic, should be inspected for command and control activity.

2. Update email controls and perform regular security awareness training for users
Redhawk recommends performing regular security awareness training for all users with a focus on up-to-date email phishing themes. In addition, implement email controls that restrict attachments such as .DOC, .XLS, .PDF, .ZIP, .RAR and .7Z.

3. Patch all externally facing systems
Redhawk recommends regular vulnerability scanning and patching of all critical and high vulnerabilities that allow for remote code execution or denial of service on externally facing equipment.

4. Limit the usage of Administrative privileges and the use of PowerShell
Limit the usage of administrative privileges on all systems, and limit PowerShell to only the users and accounts that require it. Enable Multi-factor Authentication (MFA) for all administrative actions and require code signing of PowerShell scripts. In addition, enable logging and alert generation for all PowerShell commands and use.

5. Ensure backups are up to date and ransomware protected
Redhawk recommends that all critical backups are stored in an easily retrievable location that is air-gapped from the organizational network.

6. Maintain and regularly test incident response plans
Redhawk recommends regularly maintaining and testing an incident response plan that covers all critical elements of the NIST – Computer Security Incident Handling Guide.
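
The attachment restriction in countermeasure 2 can be checked at the mail gateway by walking every MIME part of a message and comparing each filename's extension to the block list. The sketch below is an added example, not Redhawk's tooling; the function names, addresses and sample message are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in countermeasure 2, compared case-insensitively.
BLOCKED_EXTENSIONS = {".doc", ".xls", ".pdf", ".zip", ".rar", ".7z"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filename of every MIME part whose extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() visits nested multiparts and forwarded message/rfc822 parts too,
    # so an attachment buried inside a forwarded mail is still inspected.
    for part in msg.walk():
        # get_filename() reads the Content-Disposition filename and falls
        # back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        # Trailing dots and spaces are dropped by Windows when the file is
        # saved, so "archive.7z." must be judged as "archive.7z".
        cleaned = name.rstrip(". ").lower()
        if os.path.splitext(cleaned)[1] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(names=("Invoice.PDF", "notes.txt", "archive.7z.")) -> bytes:
    """Constructed sample message (not real mail) carrying the given files."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"   # placeholder address
    msg["To"] = "user@example.org"       # placeholder address
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in names:
        msg.add_attachment(b"sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename in blocked_attachments(build_sample()):
        print("quarantine:", filename)
```

Extension matching only enforces the policy as written; a renamed file passes it, so content-type inspection at the gateway is a separate control.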
