May 05, 2020
CISA and NCSC Release Joint Cybersecurity Alert
The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint alert in response to the increase of cyber attacks against healthcare and essential services.
The CISA and NCSC joint alert indicates advanced persistent threat (APT) groups are exploiting the global health crisis. The organizations released a similar joint alert in April after an increase in attacks relying on phishing and malware distribution using pandemic-themed lures.
According to the alert, there are various patterns to watch out for:
- COVID-19-related targeting: Cybercriminals are targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.
- COVID-19-related password spraying activity: CISA and NCSC are actively investigating large-scale password spraying campaigns conducted by APT groups.
The joint alert offers some mitigation options to protect businesses from these attacks:
- Update VPNs, network infrastructure devices, and devices used to remotely connect into work environments with the latest software patches and configurations.
- Use multi-factor authentication to reduce the impact of password compromises.
- Protect the management interfaces of your critical operational systems. In particular, use browse-down architecture to prevent attackers from easily gaining privileged access to your most vital assets. See the NCSC blog on protecting management interfaces.
- Set up a security monitoring capability so you are collecting the data that will be needed to analyze network intrusions. See the NCSC introduction to logging security purposes.
- Review and refresh your incident management processes. See the NCSC guidance on incident management.
- Use modern systems and software. These have better security built in. If you cannot move off out-of-date platforms and applications straight away, there are short-term steps you can take to improve your position. See the NCSC guidance on obsolete platform security.
- Further information: Invest in preventing malware-based attacks across various scenarios. See CISA’s guidance on ransomware and protecting against malicious code. Also see the NCSC guidance on mitigating malware and ransomware attacks.
Datto is Here to Help
More than ever, SMBs will turn to their MSPs for guidance to help them navigate these uncertain times and avoid evolving threats. Throughout this time, Datto is here to help keep the MSP community informed, connected, and strong. Head to our Help Center for the latest resources and information.