New advisory sees critical infrastructure once again in the crosshairs and makes critical recommendations to both protect against ransomware and reduce its impact.
When the U.S., Australia, and the U.K. all come together citing rises in ransomware attacks on critical infrastructure organizations and government entities, it’s reasonable to hear statements describing “ransomware as the biggest cyber threat facing the United Kingdom.” This is the message made clear in the latest advisory from the U.S. Cybersecurity & Infrastructure Security Agency (CISA). According to the advisory, the U.S. saw attacks on 14 of the 16 U.S. critical infrastructure sectors, with similar observations in Australia and the U.K.
CISA cites three specific initial attack vectors:
- Stolen Remote Desktop Protocol (RDP) credentials or brute force
- Exploiting vulnerabilities
- Phishing
They also discuss how cybercriminals are organizing their efforts. It begins with a rise in cybercriminal services-for-hire – both on the initial access side of an attack and for the ransomware itself. Sharing victim information, diversifying the approaches to extorting money from victims (something that has continued to evolve over the last two years), and targeting specific types of organizations have all resulted in more success for the ransomware threat actors.
CISA makes the following mitigation recommendations:
- Keep all systems up to date
- Secure and monitor any remote access services
- Implement strong password policies
- Use multi-factor authentication as much as possible
- Segment networks
- Use zero trust principles for access
- Implement Security Awareness Training