Demystifying the Role of SMB in Cybersecurity
Cybersecurity has become a critical concern in our interconnected digital landscape. In an alarming wave of cyber upheaval, the Cybersecurity and Infrastructure Security Agency (CISA) reported that LockBit activities have amassed approximately $91 million in ransom payments since its first observed activity in the USA in January 2020. Simultaneously, the insidious QakBot botnet infected over 700,000 computers.
LockBit caused significant disruptions to emergency care at German hospitals. Subsequently, car retailer Eagers Automotive faced attacks in Australia and New Zealand. The QakBot botnet was a long-standing threat taken down by the FBI in August 2023. Despite this takedown, Microsoft Threat Intelligence reported a new QBot campaign targeting the hospitality market just four months later.
Both LockBit and QBot cyber threats have leveraged Server Message Block (SMB) file sharing for lateral movement within networks, as highlighted in Mandiant’s M-Trends report.
Given the context, it’s important to clarify that the SMB protocol is not inherently unsafe. SMB serves as a legitimate means for file sharing and communication between devices in networks. Malware’s spread isn’t a flaw in the SMB protocol itself; rather, it seizes upon vulnerabilities or credential misuse. The SMB protocol, fundamentally, is secure. However, its usage without professional service providers or security measures can render it susceptible to exploitation. Cyber criminals utilize these weaknesses to extend their reach therefore it is crucial to consolidate your cybersecurity stance.
Proactive SMB Protocol Security Measures
To protect your digital assets from potential threats, proactive measures are indispensable. MITRE – the not-for-profit organization that advances national security and serves the public interest as an independent adviser – provides comprehensive insights into malware attacks leveraging SMB protocol and offers valuable information to set your defenses.
Here are two key recommendations to secure your SMB infrastructure:
- Transition to Kerberos – Kerberos, a secure authentication protocol, enhances the security of your SMB connections by utilizing strong encryption techniques, reducing the risk of unauthorized access. (Read more about NTLM and Kerberos).
- Enforce Message Signing – Make message signing mandatory within your SMB environment. This cryptographic feature verifies the integrity of transmitted data, preventing tampering or traffic alterations.
Implementing these measures significantly strengthens your defenses against potential SMB-related threats.
Trusted Solutions for SMB Security
To solidify your cybersecurity strategy, consider relying on validated SMB software solutions. Visuality Systems offers robust SMB libraries, such as YNQ (tailored for embedded systems and Linux environments) and jNQ (designed for Java environments), which can augment the security of your SMB infrastructure.
Securing your SMB assets goes beyond blaming the protocol itself; it involves proactive measures and adopting verified solutions to mitigate vulnerabilities and fortify your cybersecurity posture. By implementing these recommendations and staying vigilant, you can safeguard your networks against potential threats like LockBit and QakBot, ensuring the resilience of your SMB infrastructure in the face of evolving cyber risks.
Tal Widerman, CEO, Visuality Systems