The FBI has issued a new warning that healthcare organizations, industrial companies, and the transportation sector are being targeted with ransomware. The attack methodologies continue to evolve, with cyber-criminals doing all they can to avoid detection. The FBI highlights three current attack techniques: phishing campaigns, Remote Desktop Protocol (RDP) vulnerabilities and exploits of software vulnerabilities.
Mitigation includes ensuring operating systems, software and device firmware are all updated with the latest security patches. Data should also be backed up regularly, and the integrity of these backups verified. The FBI adds that, regardless of whether a ransom has been paid or not, victims should always report ransomware attacks to law enforcement to provide the kind of critical information required to hold attackers accountable under the law.
Javvad Malik, security awareness advocate at KnowBe4, said "companies of all sizes across all verticals need to be prepared for ransomware and have in place not only technical controls to prevent, detect, and respond to it, but also raise security awareness among staff so that any attempts to install ransomware via phishing or other social engineering attacks can be thwarted."
Five Things You Can Do About This Right Away:
- When is the last time you tested the restore function of your backups? You want to do that ASAP, and make sure you have weapons-grade backups at all times.
- Scan your network to identify any open RDP ports and ideally disable RDP completely on all Windows machines if possible. By default, the server listens on TCP port 3389 and UDP port 3389.
- Best practice to protect a network from a brute force RDP attack is to apply strong RDP security settings, including limiting or disabling access to shared folders and clipboards from remote locations.
- An RDP brute force approach does open the attacker’s information to the targeted network, so automate the process of parsing the Windows Event Viewer logs, find any compromised user accounts, identify the IP address of the attacker and block that.
- Do a no-charge Phishing Security Test and find out what percentage of your users is Phish-prone. Use that percentage as a catalyst to start a new-school security awareness training program, which—by survey—your users are actually going to appreciate because it helps them stay safe on the internet at the house. PS, the password is "homecourse". It's free.