Autumn in North America: The brightly colored leaves, shorter days and cooler temperatures convert “weakened worriers” into “weekend warriors,” who switch their suits and khakis for coveralls and flaming orange vests and hats — swap MacBooks for Mossbergs, and the commute for the camp out — all in an effort to return to some primordial connection of our days as hunter-gatherers.

There’s a trend in security operations to close the gap between discovering a breach after the damage has been inflicted and delving deeper into the infrastructure to evaluate the “What/Where/When/How,” in an effort to advance the security team’s preemptive efforts in deterring, or at least containing, malicious activity. And with one report suggesting ransomware is up almost 90 percent over last year, it’s getting a bit confusing as to which side of the “hunting season” organizations find themselves on.

This relatively new trend in cyber-hunting has spawned a host of emerging strategies and tactics that describe the latest “How-to” lists, tactical toolkits and “Everything APT” advancements — all in an effort to stay out in front of the Big Game that frequently out-hunts the hunters.

Despite the rising trend in what Anton Chuvakin of Gartner calls “the domain of the well-resourced, super-security-mature, extra-skilled 1%-ers,” cyber hunters don’t have to have Master’s degrees in Boolean and Bayesian logic to be effective in a search-and-defend mission to protect their infrastructures (although looking to some of the new EDR and UBA technologies from the likes of Cybereason and Interset can help from both sides of the duck blind).

As well, there are some useful resources CSOs can turn to before donning their virtual orange hats and camo vests and heading into the wilderness, including reports out of the FBI on the tail of October’s “National Cyber
Security Awareness Month,” which are worthy of a double-check before moving on to the next alert. One particular threat, which may not be anything at all, might still warrant a quick look into the sites, to stay ahead of the game...

Remember, remember, the 5th of November

While the Fed thinks it is "unlikely" hackers will be any more active on Nov. 5, “Guy Fawkes Day,” than usual, because of the loose leadership structure within hacktivist groups it is possible individuals claiming affiliation to a group might want to announce their own hunting season. Our friends at the FBI suggest there's always the risk of the bad guys doing whatever they want (whenever they want), and that they don't need an anniversary to do so.

Perhaps by coincidence, or just by happenstance, Anonymous did post a message on Twitter last week, which read “DDoS comin.” The potential target and timeframe for another IoT-based attack are uncertain (though such an attack is highly likely), and whether it is meant to coincide with Nov. 5 is also unclear. Most folks are betting the wildlife will emerge around the general election. Suffice to say, however, that a public posting from any nefarious group should be warning enough to be aware of the growing risks to our computing infrastructures, and a prompt to exercise some elevated precaution.

Who’s hunting whom?

To stay ahead of the tracks, Cybereason suggests CSOs have their teams dig more thoroughly into the data as a means of preempting (or at least identifying) attack trends. Like a flock of ducks to decoys, threat actors tend to follow patterns in how they approach their targets.
The trick is learning how your system behaves and what constitutes an “anomaly” within it, and that requires more than what the audit trails and firewall settings are reporting:

Just like checking the weather conditions before heading out into the wilderness to catch that unsuspecting prey, threat hunters have to completely understand the environment, and what is happening in and to it. That means collecting copious amounts of data from multiple sources within your system (endpoints and beyond).

Because “malware” seems to be the weapon of choice, the hunters at Cybereason say it’s important to have the ability “to collect and compare data against threat feeds and blacklists to confirm the existence of known threats.”

Collecting the data is only part of being effective in defending against a breach. The ability to process the information for trending and further analysis, pivot off what is collected, and extrapolate reasonable conclusions that red teams can act on can help security teams set their sights on more refined defense mechanisms ahead of an incident. “This allows the team to connect seemingly unrelated threats and understand the full scope of an attack,” the Cybereason team adds.

Given the recent spate of IoT attacks, combined with Anon’s Twitter post from Oct. 26, CSOs might consider another look at those sensitive points of access. According to one FBI report, “Botnets comprised of IoT devices can be used to conduct unprecedented and powerful attacks that can take down Web sites,” much like the IoT attack we saw in September against our friend, Brian Krebs.

“Be prepared”

Any young man who has ventured out with the Boy Scouts knows that two-word phrase can cover a lot of ground. The same is true when preparing appropriate contingencies against the potential onslaught of IoT attacks that many security experts say are just over the horizon.
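The hunting advice in the section above (collect data from the endpoints, compare it against threat feeds and blacklists, learn what the system’s normal behaviour looks like, and connect seemingly unrelated findings) can be made concrete in a few dozen lines. The script below is an added example, not code from this article, Cybereason or the FBI: the proxy log lines, the hostnames, the two blacklist entries (`bad-cdn.example`, `198.51.100.23`) and the tenfold volume threshold are all constructed for illustration.

```python
"""Added example (not from the article): a minimal hunt over constructed proxy logs.
It (1) compares observed destinations against a threat-feed blacklist,
(2) flags hosts whose behaviour departs from a baseline learned from a quiet period,
and (3) groups the findings per host so that hosts with several independent hits
rise to the top. All data below is constructed; none refers to real infrastructure."""
import re
from collections import defaultdict

# Constructed threat feed: indicators an analyst would pull from a blacklist.
BLACKLIST = {"bad-cdn.example", "198.51.100.23"}

# Constructed proxy logs: timestamp, source host, destination, bytes sent.
BASELINE_LOGS = """\
2016-10-24T09:01:02 ws-101 intranet.example 512
2016-10-24T09:05:10 ws-101 updates.example 2048
2016-10-24T09:07:44 ws-102 intranet.example 640
2016-10-24T10:15:00 ws-102 mail.example 1200
2016-10-24T11:20:31 ws-103 intranet.example 700
"""

TODAY_LOGS = """\
2016-11-05T02:13:09 ws-101 bad-cdn.example 51200
2016-11-05T09:02:15 ws-102 intranet.example 600
2016-11-05T09:30:00 ws-103 198.51.100.23 4096
2016-11-05T13:45:12 ws-102 mail.example 1100
2016-11-05T03:05:55 ws-102 files.example 900000
2016-11-05T12:00:00 ws-999 intranet.example 300
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def parse(logs):
    """Yield (timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    for line in logs.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))


def build_baseline(logs):
    """Per host: the set of destinations seen and the peak bytes sent in one request."""
    dests, peak = defaultdict(set), defaultdict(int)
    for _, src, dst, size in parse(logs):
        dests[src].add(dst)
        peak[src] = max(peak[src], size)
    return dests, peak


def hunt(logs, baseline, blacklist, size_factor=10):
    """Return (kind, src, dst, timestamp) findings for blacklist hits and baseline deviations."""
    dests, peak = baseline
    findings = []
    for ts, src, dst, size in parse(logs):
        if dst in blacklist:                      # known-bad indicator from the feed
            findings.append(("known-bad", src, dst, ts))
        elif src not in dests:                    # host never seen in the baseline window
            findings.append(("unknown-host", src, dst, ts))
        elif dst not in dests[src]:               # destination new for this host
            findings.append(("new-destination", src, dst, ts))
        # Independent check: a transfer far above the host's normal peak.
        if src in peak and size > size_factor * peak[src]:
            findings.append(("volume-spike", src, dst, ts))
    return findings


def prioritize(findings):
    """Group findings by host; hosts with more distinct finding types sort first."""
    by_host = defaultdict(set)
    for kind, src, _, _ in findings:
        by_host[src].add(kind)
    return sorted(by_host.items(), key=lambda kv: -len(kv[1]))


if __name__ == "__main__":
    results = hunt(TODAY_LOGS, build_baseline(BASELINE_LOGS), BLACKLIST)
    for host, kinds in prioritize(results):
        print(host, sorted(kinds))
```

The blacklist check alone would have surfaced only ws-101 and ws-103; the baseline comparison is what brings ws-102’s off-hours transfer to a never-before-seen destination into view, and grouping by host is the small step that turns separate alerts into a picture of which machines deserve the first look.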
The FBI suggests having a look at basic system housekeeping as the best way to at least reduce the risk of compromise.

Compliments of Hoover’s Hunters, here’s a seven-point checklist CSOs might consider as preparation, at the very minimum, ahead of whatever hunting season they plan to undertake:

1. When was the last time you required those system passwords to be refreshed? Respected cryptologist and security legend Bruce Schneier suggests that while it depends on what the password is used to access, “any password-changing policy needs to be chosen with that consideration in mind.” Here’s Bruce’s take on keeping those passwords fresh and complex.

2. Check with your IT administrators and teams to ensure common vulnerabilities are patched. The OWASP gang suggest “Just-in-time Patching” to “externally address the issues outside of the application code.”

3. Review hardware and software applications. Are they tuned properly? Are those default services that came with those new boxes wiped clean? Symantec suggests removing default services “reduces the attack surface” that can be exploited.

4. Prepare a DDoS mitigation strategy ahead of time, and keep a vigilant watch for social engineering tactics that target sensitive information. According to analysts at Forrester, “The availability of an organization's critical systems depends on its ability to adapt and scale across its online infrastructure and protect it from these types of incidents.” Forrester’s two-phased mitigation plan can be accessed through this link.

5. Develop and apply an incident response plan that includes DDoS mitigation (and be sure to practice this plan ahead of an incident).
The FBI adds: “This plan may involve external organizations such as your ISP, technology companies that offer DDoS mitigation services, and law enforcement.” Also, be sure the plan lists points of contact from all third parties.

6. How’s your data back-up and recovery plan? Is your organization maintaining copies of sensitive and proprietary data in a separate and secure location? Computer Weekly’s Paul Kirvan says, before organizations write a DRP, they should consider performing “a risk assessment (RA) and/or business impact analysis (BIA) to identify the IT services that support the organization’s critical business activities.” The global standard for IT disaster recovery is published as ISO/IEC 27031.

7. How dependent is your organization on public-facing Web servers? The National Institute of Standards and Technology provides comprehensive guidelines on how to secure web servers via this published source.

You can learn more about how to address the DDoS problem via the latest CERT reports.

And while November tends to kick off the “SAD Season,” a time that usually sees elevations in boredom, anxieties associated with the onset of “Cabin Fever,” and other oft-reported motivators behind bad online behavior, recent history suggests hacktivities don’t seem to get any greater than those that occur at other times of the year. (Fact is, hackers just don’t care about your feelings!) The FBI notes that Anonymous and other groups have often tipped their hands ahead of foreboding moments in the past, like November 2011’s “Operation Fox Hunt” and “OpFacebook,” although both of those threats came to nothing.

Still, a little fall housekeeping before heading out into the woods could save some headache on the IR side, when/if that next IoT attack compromises your organization’s CIA.

And be careful where you point stuff!