SEA servers under threat from China’s Terracotta army: RSA: Page 2 of 2
By Benjamin Cher April 26, 2016
Weak spots and implications
The Terracotta threat does not target vulnerabilities but weak cybersecurity processes such as default admin accounts with relatively weak passwords, according to Backman.
“Hackers have purpose-built dictionaries for brute-force attacks that exploit these weaknesses,” he said.
The issue is compounded by leaving ports open for traffic to flow through with no restrictions.
“We think that renaming the admin username and closing unneeded ports would have made Terracotta enlistment unlikely,” he added.
Securing the breach
Securing your server against being enlisted by an unknown source can begin with a few basic security steps, according to Backman:
- Rename the admin account on the Windows server to something else;
- Use a firewall to block all un-needed services (for example, port 135);
- Do an external port scan to confirm;
- Use strong passwords (at least six characters that are a combination of letters, numbers and symbols); and
- Periodically review logs and check for newly-added Windows accounts.
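Several items on this checklist can be spot-checked on the server itself. The PowerShell below is an added example, not code from RSA or from this article; it only reads state and changes nothing. It assumes a standalone or member server (not a domain controller) and an elevated PowerShell 5.1+ session, and the seven-day window and the port list are assumed values.

```powershell
# Added example: read-only audit of the checklist items on a Windows server.
$DaysBack = 7        # assumed review window for new accounts
$Ports    = @(135)   # the article's example of an un-needed service port

# 1. Is the built-in admin account (RID 500) still using the default name?
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin.Name -eq 'Administrator') {
    Write-Warning "Built-in admin account still has the default name (enabled: $($builtin.Enabled))"
} else {
    Write-Output "Built-in admin account is renamed to '$($builtin.Name)'"
}

# 2. For each port: is something listening, and does an enabled inbound block rule cover it?
foreach ($port in $Ports) {
    $listening  = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    $blockRules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$port" }
    if ($listening -and -not $blockRules) {
        Write-Warning "TCP ${port} is listening and no enabled inbound block rule names it"
    } else {
        Write-Output "TCP ${port}: listening=$([bool]$listening), block rules=$(@($blockRules).Count)"
    }
}

# 3. Accounts created in the review window (Security event 4720: a user account was created).
$since  = (Get-Date).AddDays(-$DaysBack)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720; StartTime = $since } -ErrorAction SilentlyContinue
if (-not $events) { Write-Output "No account-creation events in the last $DaysBack days" }
foreach ($e in $events) {
    # Pull the named fields out of the event's XML payload.
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time       = $e.TimeCreated
        NewAccount = $data['TargetUserName']
        CreatedBy  = $data['SubjectUserName']
    }
}
```

A local check like this does not replace the external port scan in the list, which shows what is reachable from outside the network.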
However, finding and remediating an incident in progress will likely require more attention, Backman said.
“Pervasive visibility, analytics, and some expertise are all advised, particularly if you handle high-value data or intellectual property,” he added.
To read RSA’s white paper on the Terracotta VPN click here.