Russian cyber actors are targeting cloud environments and email accounts to steal information, using compromised accounts and system misconfigurations to blend in with normal traffic in less-monitored environments and reduce the likelihood of being detected.
Ten recommendations to protect your organization against Russian cyberattackers:
- Attackers are launching password spraying campaigns from many different IP addresses so that no single source trips lockout or alerting thresholds. Mandatory multifactor authentication limits what a guessed password is worth to them.
- Prohibit remote access to administrative functions and resources from IP addresses and systems not owned by the organization.
- Regularly audit mailbox settings, account permissions and mail forwarding rules to look for evidence of unauthorized changes.
- Enforce the use of strong passwords to prevent easily guessed or common passwords, especially for administrative accounts.
- Regularly review the organization’s password management program.
- Ensure the organization’s IT support team has standard operating procedures for password resets and user account lockouts, so that help-desk requests cannot be used to bypass the controls above.
- Maintain a regular cadence of security awareness training for all hospital employees.
- The actors are also exploiting zero-day vulnerabilities; against these, the FBI recommends making sure host-based alerting is enabled on network systems so that unauthorized access is flagged even when the initial exploit is not known.
- Configure newly added systems to the organization’s security baseline immediately when they join the network, rather than leaving them in a default state until a later hardening pass.
- Russian actors are also deploying WELLMESS malware. The FBI recommends deploying software that identifies suspicious behavior on endpoints to detect these intrusions.