Aggressive redirection of internet traffic continues. These large net-casting operations are conducted by state-sponsored actors searching for traffic that carries plaintext information. That information has then been used to chain compromises of various sites while focusing on specific targets. The primary goal appears to be the theft of organizations' intellectual property, the identity credentials of high-value users, and the gathering of classified information. Some tips to help manage and prevent these kinds of attacks:
- Educate people in your organization about recent tactics in chained compromises and spear phishing.
- Remember that insiders still represent the greatest threat to an organization; review your management of this threat.
- Never use a work password or work email address on public sites. This includes social media, support forums and user groups.
- Whenever accessing sites, use the TLS/SSL option; this includes search.
- Block countries you do not do business with at the border, in the DMZ and at the DNS service.
- Consider using TLS/SSL and encryption for internal traffic, especially on critical systems.
- Encrypt user identifiers and passwords; never transmit this information in plaintext, internally or externally.
- Filter internal packets to critical systems.
- Your audit capabilities and infrastructure are critical and should be protected as such.
- Audit and evaluate your traffic, both internal and external (ingress and egress).
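To show what the traffic audit, the internal filtering to critical systems and the "never transmit credentials in plaintext" points look like as a concrete check, here is an added example (not code from the original post). It reads a constructed flow log in a made-up `<timestamp> <src> <dst> <dport>` format, and the internal ranges, the critical host `10.0.5.10`, the approved source subnet and the list of clear-text credential ports are all constructed policy for the example. Each flow is classified as internal, ingress or egress, flagged when it uses a protocol that carries credentials in the clear, and flagged again when a source outside the approved subnet reaches a critical system.

```python
"""Audit constructed flow records for clear-text credential protocols and
for unfiltered access to critical systems. Added example, not code from the
original post; the log format, addresses and policy sets are all constructed."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv6Address, ip_address, ip_network
from typing import Union

IPAddr = Union[IPv4Address, IPv6Address]

# Services that carry credentials in clear text on the wire (constructed list).
PLAINTEXT_CREDENTIAL_PORTS = {
    21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap", 389: "ldap",
}

# Constructed policy: internal ranges, the critical host, and the only source
# subnet that should ever reach it ("filter internal packets to critical systems").
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
CRITICAL_HOSTS = {ip_address("10.0.5.10")}
APPROVED_TO_CRITICAL = [ip_network("10.0.1.0/24")]

# Constructed sample log: "<timestamp> <src> <dst> <dport>", one flow per line.
SAMPLE_LOG = """
2024-03-01T08:00:01Z 10.0.1.15 203.0.113.7 443
2024-03-01T08:00:02Z 10.0.1.15 203.0.113.7 80
2024-03-01T08:00:03Z 10.0.2.40 10.0.5.10 23
2024-03-01T08:00:04Z 10.0.1.20 10.0.5.10 22
2024-03-01T08:00:05Z 198.51.100.9 10.0.5.10 389
2024-03-01T08:00:06Z 10.0.1.30 198.51.100.50 21
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: IPAddr
    dst: IPAddr
    dport: int


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed log format, skipping blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        try:
            flows.append(Flow(ts, ip_address(src), ip_address(dst), int(dport)))
        except ValueError:
            continue  # unparseable address or port: skip rather than abort the audit
    return flows


def is_internal(addr: IPAddr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def direction(flow: Flow) -> str:
    """Classify the flow relative to the internal ranges."""
    src_in, dst_in = is_internal(flow.src), is_internal(flow.dst)
    if src_in and dst_in:
        return "internal"
    return "egress" if src_in else "ingress"


def audit_flow(flow: Flow) -> list[str]:
    """Return every policy reason this single flow should be reviewed."""
    reasons = []
    if flow.dport in PLAINTEXT_CREDENTIAL_PORTS:
        svc = PLAINTEXT_CREDENTIAL_PORTS[flow.dport]
        reasons.append(f"plaintext-credential protocol {svc} ({direction(flow)})")
    if flow.dst in CRITICAL_HOSTS and not any(flow.src in net for net in APPROVED_TO_CRITICAL):
        reasons.append("unapproved source reaching critical system")
    return reasons


def audit(text: str) -> list[Finding]:
    """Run every flow in the log through the policy checks."""
    return [
        Finding(f.ts, str(f.src), str(f.dst), f.dport, reason)
        for f in parse_flows(text)
        for reason in audit_flow(f)
    ]


def count_by_reason(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.dport}  {f.reason}")
```

On the sample log the HTTPS egress and the SSH session from the approved subnet pass clean; the HTTP and FTP egress flows are flagged for clear-text credentials, and the telnet and LDAP flows to the critical host are each flagged twice, once for the protocol and once because the source is not in the approved subnet. Port-based classification is only a first pass: a real audit would confirm the protocol from packet content and feed the findings into the protected audit infrastructure the post describes.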
Due to the nature of these attacks, it is recommended that you consider a more dynamic approach to the risk and mitigation of these threats to your organization.