FBI Warning Order: Increased and Imminent Cybercrime Threat Coordination

October 29, 2020 CynergisTek

On October 28th, the Department of Health and Human Services (HHS) coordinated a call with Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).

The HHS, CISA, and FBI shared credible information about an increased and imminent cyber threat to US hospitals and healthcare providers. The joint government team has issued written documentation including preventative steps and mitigation strategies the sector can take to avoid becoming a victim of these attacks. Read the Joint Cybersecurity Advisory coauthored by the HHS, CISA, and FBI.

CISA and HHS will be sharing this information in order to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.

The threat appears to be related to the attempted takedown of the TrickBot botnet. You can read details here. According to security researchers Trickbot has been damaging to health care organizations and is lashing out with increased ransom demands, and detonation of ransomware is happening almost immediately after penetrating a network.

We recommend that you take the following steps:

Immediate:

  • Run a compromise assessment of your environment now… to look for signs of adversarial activity
  • Review your runbooks if you have them
  • Remove all single factor authentication in your environment
  • Make sure you are on Active Directory 2012 R2 or higher
  • Ensure all domain admins are in protected group users
  • Disable domain admin authentication on workstations
  • Limit personal email on company assets
  • Expedite patching

Next week

  • Get a Ransomware runbook if you do not already have one
  • Get an incident response retainer if you do not have one
  • Aggressively deploy endpoint protection, multi-factor authentication

Next month

  • Put network segmentation in your plans and start deploying

We recommend you review the Joint Cybersecurity Advisory document and implement all actions as soon as reasonably possible. Please feel free to contact us or email us with any questions to info@cynergistek.com.


 
Previous Article
How CynergisTek is Helping Defend Against Ransomware
How CynergisTek is Helping Defend Against Ransomware

With the announcement last week from the Department of Health and Human Services (HHS), Cybersecurity and I...

Next Article
Enforcement of CCPA Begins July 1st While Regulations Still in the Offing
Enforcement of CCPA Begins July 1st While Regulations Still in the Offing

With the start of enforcement of the California Consumer Privacy Act (CCPA) arriving in a few days, the jou...

×

Subscribe to Our Monthly Cyber Bulletins with the Latest News, Tips and More!

First Name
Last Name
Company
State
Thank You!
Error - something went wrong!