DHS, FBI and IC3 helping you fight malware
February 7, 2012 in 2012, FBI, Homeland Security, Security
The DHS and the FBI jointly issued a list of best practices for recovery from malicious erasure of computer files in an intelligence note from the Internet Crime Complaint Center (IC3).
The note issued on Jan. 20 advised businesses and individuals on a number of ways to mitigate the growing incidents of cyber criminals damaging computer systems and data by changing or deleting files, wiping hard drives or erasing backups to hide some or all of their malicious activity and tradecraft.
The IC3, a partnership between the FBI and the National White Collar Crime Center (NW3C), receives Internet-related criminal complaints from the public and researches, develops, and refers the criminal complaints to the appropriate federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate.
The IC3 public service announcement explained that criminals wiping, or “zeroing out,” hard disk drives – effectively erasing or altering all existing data – makes recovery especially difficult.
The difficulty, said IC3, extends to tracking down criminals and determining exactly what they were up to, whether merely accessing the network or more serious activity such as stealing information or altering network access and configuration files. Completing network restoration efforts and business damage assessments may also be hampered, they said.
The FBI and DHS encouraged businesses and individuals to take common-sense steps that both prevent access and minimize the impact of the activity. They advised implementing a data backup and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location, and ensuring that backup copies of sensitive data are not readily accessible from local networks.
They also said to regularly mirror and maintain an image of critical system files, encrypt and secure sensitive information, use strong passwords, implement a schedule for changing passwords frequently, and not reuse passwords for multiple accounts.
Network operators should also enable network monitoring and logging where feasible, the note said.
Businesses and individuals, they said, should also be aware of social engineering tactics aimed at obtaining sensitive information. They added that users should also securely eliminate sensitive files and data from hard drives when no longer needed or required.
