[Mail_supt] Cyber Attack Warnings
Thor Sage
sage at mveca.org
Tue Mar 1 13:01:58 EST 2022
Good afternoon,
Please be advised that we are seeing numerous warnings associated with the Russia-Ukraine Crisis and potential cyber-attacks. It is critical that we take these seriously. Here's a link to some excellent material around these warnings and the threats that are being seen at this time:
https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/
Palo Alto recommends organizations prioritize actions in the following four areas:
1. Patch Internet-Facing and Business Critical Software: Apply patches for any software containing vulnerabilities - not just those known to be exploited in the wild. This is most urgent for software that is internet-facing and necessary for your business's operations, such as webmail, VPNs and other remote access solutions.
2. Prepare for Ransomware and/or Data Destruction: A likely form of disruptive cyberattack will either use ransomware or a destructive attack that poses as ransomware. As we saw with the NotPetya attacks in 2017 and the WhisperGate attacks just last month, an attack that demands a ransom may not actually be "ransomware." The malware used in these attacks destroyed data without any chance of recovery, using the ransom demand simply to cover its true intention. The use of HermeticWiper further demonstrates this point. The preparation required to prevent and recover from these attacks is similar in either case. Testing back-up and recovery plans is critical, as well as testing your continuity of operations plan in case your network or other key systems are disabled in the attack.
3. Be Prepared to Respond Quickly: Ensure that you designate points of contact across your organization in key areas in case of a cybersecurity incident or disruption in critical infrastructure. Test your communication protocol (and backup protocols) to avoid being caught without a clear mechanism to disseminate critical information. Perform a table-top exercise with all of the key parties to walk through how you would respond in the event the worst happens.
4. Lock Down Your Network: Making small policy changes can decrease the likelihood of a successful attack against your network. Recent attacks have abused popular chat applications like Trello and Discord to distribute malicious files. Users didn't need to use the software to be impacted; the attackers simply used the platforms to host links to files. Many applications can be abused in this way, and if your organization doesn't require their functionality, blocking them will improve your security posture.
Please alert MVECA immediately in the event that you detect malicious, on-network activity.
Thank you,
Thor
Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468 x3101
Not-for-profit Technology Services for Education and Local Governments