As you may have seen in the news, Ukrainian organizations have recently suffered a spate of cyber aggression activities. Russian state-sponsored threat actors are believed to be responsible. In response, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) encourage a heightened state of awareness and proactive threat hunting for U.S. organizations.
This means that it’s critical to review your organization’s cyber security posture and close any gaps. Three steps you can take immediately are:
Ensure all software is up-to-date.
In the Ukraine attack, threat actors used Log4j to deploy WhisperGate malware. This vulnerability was identified back in December. Following the official announcement on 12/10/21, Invario closely reviewed all endpoints we manage for potential exploitation of this vulnerability. In partnership with our network security and antivirus service providers, we scanned all managed devices. This allowed us to identify the systems that use or host the vulnerable code. We then updated them to a secure version or, where possible, removed the vulnerable code. We continue to monitor all endpoints with exposure to the public internet. The key is to identify and record any attempts at remote code execution, so that we can confirm no attacker is able to breach any of our managed networks through this vulnerability.
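The inventory step described above (find the hosts carrying log4j-core, then patch or strip the lookup class) can be checked with a short script. This is an added example, not Invario's tooling; the jars it scans are constructed stubs, and the fixed-version table follows Apache's Log4j security advisories.

```python
import os
import re
import tempfile
import zipfile

JAR_RE = re.compile(r"^log4j-core-(\d+(?:\.\d+)*)\.jar$", re.IGNORECASE)
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Release of each 2.x branch that closes the Dec 2021 CVE series (per Apache's
# Log4j security page); branches not listed need 2.17.1 or later.
FIXED_BY_BRANCH = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
FIXED_DEFAULT = (2, 17, 1)

def is_patched(version):
    """True if the version tuple is at or above the fixed release for its branch."""
    return version >= FIXED_BY_BRANCH.get(version[:2], FIXED_DEFAULT)

def classify_jar(path):
    """'patched', 'mitigated' (JndiLookup.class removed) or 'vulnerable'."""
    version = tuple(int(p) for p in JAR_RE.match(os.path.basename(path)).group(1).split("."))
    if is_patched(version):
        return "patched"
    with zipfile.ZipFile(path) as jar:          # an unpatched jar is only safe
        if JNDI_CLASS not in jar.namelist():    # if the lookup class was stripped
            return "mitigated"
    return "vulnerable"

def scan_tree(root):
    """Walk root and map every log4j-core jar found to its status."""
    return {os.path.join(d, f): classify_jar(os.path.join(d, f))
            for d, _, files in os.walk(root) for f in files if JAR_RE.match(f)}

def build_sample_tree(root):
    """Constructed sample jars (empty class stubs) so the example runs offline."""
    samples = {"app1/lib/log4j-core-2.14.1.jar": True,    # vulnerable
               "app2/lib/log4j-core-2.17.1.jar": True,    # patched
               "app3/lib/log4j-core-2.12.1.jar": False}   # lookup class removed
    for rel, keep_jndi in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with zipfile.ZipFile(full, "w") as jar:
            if keep_jndi:
                jar.writestr(JNDI_CLASS, b"")
    return root

def demo():
    """Build the constructed tree in a temp dir and return {jar name: status}."""
    root = build_sample_tree(tempfile.mkdtemp())
    return {os.path.basename(p): s for p, s in scan_tree(root).items()}

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:10s} {name}")
```

On a real host, point scan_tree at the application directories instead of the constructed tree; jars that embed log4j-core under another name need a content check rather than a filename match.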
Be prepared.
Your organization should have a cyber incident response plan ready before an incident occurs. A tabletop exercise that walks through the plan with key individuals is a good way to ensure you have your bases covered. We do this at Invario. We also support our customers with backups and business continuity solutions. The first step in developing your continuity of operations plan is to understand where your organization stores critical data, so that you can back it up and protect it.
Follow best practices for identity and access management.
At the very least, all remote access to your organization’s network and privileged or administrative access should require multi-factor authentication (MFA). We recommend configuring any business-critical systems, for example Microsoft Office, with MFA.
On a final note, an advanced endpoint security solution that includes threat detection and response will take anti-virus to the next level. If you want more information on this, see my previous post.
You can see the full list of CISA insights and recommendations here. Feel free to contact me with any questions or if you would like help evaluating your organization’s cyber security readiness.