Published: June 07, 2022, in our Security Fraud News & Alerts Newsletter.
Cybersecurity authorities in the United States, Australia, and the United Kingdom reported an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally throughout 2021. Ransomware tactics and techniques continued to evolve, showing ransomware threat actors’ growing technological sophistication and an increased threat to organizations.
The joint advisory, which was authored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) in the U.S., along with the Australian Cyber Security Centre (ACSC), and the National Cyber Security Centre (NCSC) in the UK, details observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.
The U.S. agencies observed ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors. In Australia, the affected sectors were Healthcare and Medical, Financial Services and Markets, Higher Education and Research, and Energy.
The NCSC in the UK recognizes ransomware as the number one cyber threat facing the United Kingdom. There, education is the prime target, though businesses, charities, the legal professions, and public services in the Local Government and Health Sectors are also frequently hit.
Among the behaviors seen in these attacks are phishing, stolen RDP credentials, brute-force attacks, and exploitation of vulnerabilities to gain access to networks. The authorities also observed attacks that made use of cybercrime services for hire, with ransomware-as-a-service (RaaS) particularly popular.
Some recommendations for mitigation include:
Keep all operating systems and software updated and patched.
Monitor RDP connections closely, make sure they are properly configured, and limit access.
Implement a user training and awareness program. Conduct phishing exercises to raise awareness among users about the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments. Reinforce the appropriate user response to phishing and spearphishing emails.
Implement and require MFA whenever possible.
Require strong and unique passwords for all accounts.
Properly configure and protect cloud storage.
Perform regular backups of important data and test the backups regularly to ensure they are usable if and when needed.
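The recommendation to monitor RDP connections closely ties directly to the brute-force and stolen-credential behaviors described above. The following Python script is an added example, not code from the advisory or the newsletter; it shows one simple way a defender can turn RDP logon events into an alert. It assumes Windows Security events have already been exported to a simplified CSV-like form (timestamp, event ID, logon type, account, source IP); the event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are real Windows values, while the log lines themselves are constructed for the example.

```python
"""Flag RDP brute-force patterns in a constructed Windows Security log sample.

Added example, not part of the advisory. Assumed input format (one event per line):
    timestamp,event_id,logon_type,account,source_ip
EventID 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: three sources, one of which sprays accounts and then succeeds.
SAMPLE_LOG = """\
2022-06-01T02:00:01,4625,10,admin,203.0.113.7
2022-06-01T02:00:02,4625,10,administrator,203.0.113.7
2022-06-01T02:00:03,4625,10,backup,203.0.113.7
2022-06-01T02:00:04,4625,10,svc_sql,203.0.113.7
2022-06-01T02:00:05,4625,10,jsmith,203.0.113.7
2022-06-01T02:00:06,4625,10,jsmith,203.0.113.7
2022-06-01T02:00:09,4624,10,jsmith,203.0.113.7
2022-06-01T08:15:10,4625,10,mlee,198.51.100.22
2022-06-01T08:15:25,4624,10,mlee,198.51.100.22
2022-06-01T09:00:00,4625,10,root,192.0.2.50
2022-06-01T09:30:00,4625,10,root,192.0.2.50
2022-06-01T10:00:00,4625,10,root,192.0.2.50
2022-06-01T10:30:00,4625,10,root,192.0.2.50
2022-06-01T11:00:00,4625,10,root,192.0.2.50
2022-06-01T11:30:00,4625,3,root,192.0.2.50
"""

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10


def parse_log(text):
    """Parse lines into event dicts, skipping malformed lines and non-RDP logons."""
    events = []
    for raw in text.splitlines():
        parts = raw.strip().split(",")
        if len(parts) != 5:
            continue
        ts, event_id, logon_type, account, source_ip = parts
        try:
            event = {
                "time": datetime.fromisoformat(ts),
                "event_id": int(event_id),
                "logon_type": int(logon_type),
                "account": account,
                "source_ip": source_ip,
            }
        except ValueError:
            continue  # unparsable timestamp or numeric field
        if event["logon_type"] == RDP_LOGON_TYPE:
            events.append(event)
    events.sort(key=lambda e: e["time"])
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for sources with >= threshold RDP failures
    inside a sliding time window. A later RDP success from a flagged source
    is recorded in 'success_as', since that account is the one to investigate."""
    recent = defaultdict(deque)  # source_ip -> (time, account) of failures in window
    findings = {}
    for e in events:
        ip = e["source_ip"]
        q = recent[ip]
        while q and e["time"] - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the window
        if e["event_id"] == FAILED_LOGON:
            q.append((e["time"], e["account"]))
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"failures": 0, "accounts_tried": set(), "success_as": None}
                )
                f["failures"] = max(f["failures"], len(q))
                f["accounts_tried"] |= {acct for _, acct in q}
        elif e["event_id"] == SUCCESS_LOGON and ip in findings and len(q) >= threshold:
            findings[ip]["success_as"] = e["account"]
    return findings


if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(parse_log(SAMPLE_LOG)).items():
        status = f"SUCCEEDED as {f['success_as']}" if f["success_as"] else "no success seen"
        print(f"{ip}: {f['failures']} RDP failures, "
              f"{len(f['accounts_tried'])} accounts tried, {status}")
```

Running the script flags only 203.0.113.7: six failures across five accounts within seconds, followed by a successful logon as jsmith, which is the pattern a defender wants paged on rather than the single typo from 198.51.100.22 or the slow, spread-out attempts from 192.0.2.50 (which only appear once the window is widened). One caveat for production use: when Network Level Authentication is enabled, failed RDP attempts are often recorded with logon type 3 rather than 10, so a real rule should widen the logon-type filter or correlate on the source address instead.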
For additional mitigation tips and full details on the advisory, check out Alert (AA22-040A) on CISA’s website.