A recent joint advisory co-authored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) provides valuable advice on how to build and maintain a strong cybersecurity posture in the face of advanced hacker attacks.
Although the notice is primarily aimed at educational institutions – amid a growing wave of ransomware attacks targeting schools across the US – the document includes a treasure trove of mitigation techniques for the most common cyber threats (and their attack vectors) targeting not just schools but pretty much every kind of organization.
In fact, the feds say the tactics and techniques described in the document have been frequently used against business and industry as well, especially in ransomware attacks.
The document talks at length about malware in general (e.g. Trojans, ransomware), Distributed Denial-of-Service (DDoS) attacks, video conference disruptions, social engineering scams targeting unwary users, open/exposed ports, end-of-life software, and more. Mitigation techniques are offered for each category, with the authors encouraging educational providers to maintain business continuity plans to minimize disruptions in case of a cyber-attack, as well as to identify potential gaps.
“Through identifying and addressing these gaps, institutions can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies,” according to the document.
Much of the Mitigation section is devoted to Network best practices – which should act as a cornerstone of anyone’s cybersecurity strategy – urging system administrators to:
A set of User Awareness best practices included in the document urges educational institutions to alert employees and students to existing threats such as ransomware and phishing scams, teach them how they are delivered and show them what to do (who to contact) when they see suspicious activity or when they believe they have fallen victim to a cyberattack.
In the Ransomware department, “The FBI and CISA do not recommend paying ransoms,” the notice states.
“Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. However, regardless of whether your organization decided to pay the ransom, the FBI urges you to report ransomware incidents to your local FBI field office. Doing so provides the FBI with the critical information they need to prevent future attacks by identifying and tracking ransomware attackers and holding them accountable under U.S. law,” according to the advisory.
The FBI and CISA point to the network best practices as a cornerstone in mitigating ransomware attacks, but they also recommend that organizations:
Regardless of industry, these Video-Conferencing best practices should now apply to any organization relying on a remote workforce:
The advisory also includes a table containing signatures for some of the most common pieces of malware used today. The authors note that “the listing is not fully comprehensive and should not be used at the exclusion of other detection methods.”
Finally, users are encouraged to contact their local FBI field office at www.fbi.gov/contact-us/field to report suspicious or criminal activity related to information found in the joint advisory. Again, this should apply to any organization that falls victim to a cyber-attack, regardless of industry or size. The feds recommend that victims include the date, time, and location of the incident if they can, plus the type of activity, the number of people affected, the type of equipment used for the activity, the name of the submitting organization and a designated point of contact.
A PDF version of the joint advisory can be found here.
Organizations should also consider investing in services like Managed Detection and Response (MDR) and technological defenses like Endpoint Detection and Response (EDR). These can help organizations meet these new challenges and face new threats without taxing their security budgets.
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.