Joint Cybersecurity Advisory Alerts Those in U.S. Infrastructure Sectors of Malicious Threat
The FBI has issued a joint advisory warning against ongoing malicious cyber activity by an advanced persistent threat (APT) associated with the Iranian government. Essentially, an APT is a hacker that has gained unauthorized access to systems and remained undetected for a period of time. This advisory is important for any organization that uses Microsoft Exchange or Fortinet cyber-related products. The APT is attacking a broad range of targets across multiple U.S. infrastructure sectors, including Transportation, Healthcare, and Public Health, using tactics like data exfiltration, encryption, ransomware, and extortion.
Because organizations’ vulnerabilities are being actively exploited right now, it is crucial to see if this could affect your organization. Read more about the recommended actions to protect your security and reach out to MGO’s Rodrigo Macias or Johnny Mays with any questions.
Immediate defense actions recommended include:
- Ensure you are up to date on the latest patches and system updates
- Update your organization’s blocklist (e.g., if Fortinet is not used, don’t allow key aspects of it to run on your system)
- Ensure your backups are taking place and that they are stored air-gapped, separate from your live network
- Implement network segmentation to restrict a potential adversary’s ability for lateral movement
- Perform a user access review/permissions clean-up to ensure admin/elevated access privileges are restricted only to those who need them. Employ the principle of least privilege for all users in your organization. If a subject does not need an access right, they should not have that right (no extraneous access)
- Instate multi-factor authentication to stop attackers in their tracks
- Require strong passwords
- Limit remote desktop protocol (RDP) as much as possible. Disable it where it is not needed and monitor RDP access/activity logs.
- Secure remote access by avoiding the use of public Wi-Fi and adding a VPN for remote access
- Add an email banner to emails received from outside your organization to defend against phishing
- Provide security training
- Monitor/disable the ability to click on hyperlinks in unknown emails