Joint Advisory Warns of Ransomware Attacks Targeting Critical Infrastructure
A joint advisory issued by cybersecurity authorities in the UK, the US, and Australia warns that they have “observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.” The advisory includes technical details about the observed attacks as well as suggested mitigations.
While the targets change as we deploy new services and technologies, the mitigations remain essentially the same – keep devices updated; MFA all the external entry points; segment systems, particularly OT and legacy systems which are running older applications and operating systems; turn off or disable insecure or unnecessary services; train the users; use immutable backups; monitor for maleficence.
It’s fantastic to see countries working together to address ransomware. Global challenges require global solutions. Keep in mind that ransomware is not a new type of attack; it is simply a new way to monetize a successful attack. The reason we have seen an explosion of ransomware is that it is so profitable - fast (and relatively safe) return on investment. According to the report, and no surprise here, the three steps to mitigating ransomware are focusing on the fundamentals - phishing, passwords and updating.