New Post: #CISA: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments - https://lnkd.in/d4Pk7D6K
10/31/2024 08:00 AM EDT

CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s network. Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network. CISA, government, and industry partners are coordinating, responding, and assessing the impact of this campaign.

CISA urges organizations to take proactive measures:

- Restrict Outbound RDP Connections: It is strongly advised that organizations forbid or significantly restrict outbound RDP connections to external or public networks. This measure is crucial for minimizing exposure to potential cyber threats. Implement a Firewall along with secure policies and access control lists.
- Block RDP Files in Communication Platforms: Organizations should prohibit RDP files from being transmitted through email clients and webmail services. This step helps prevent the accidental execution of malicious RDP configurations.
- Prevent Execution of RDP Files: Implement controls to block the execution of RDP files by users. This precaution is vital in reducing the risk of exploitation.
- Enable Multi-Factor Authentication (MFA): Multi-factor authentication must be enabled wherever feasible to provide an essential layer of security for remote access. Avoid SMS MFA whenever possible.
- Adopt Phishing-Resistant Authentication Methods: Organizations are encouraged to deploy phishing-resistant authentication solutions, such as FIDO tokens. It is important to avoid SMS-based MFA, as it can be vulnerable to SIM-jacking attacks.
- Implement Conditional Access Policies: Establish Conditional Access Authentication Strength to mandate the use of phishing-resistant authentication methods. This ensures that only authorized users can access sensitive systems.
- Deploy Endpoint Detection and Response (EDR): Organizations should implement Endpoint Detection and Response (EDR) solutions to continuously monitor for and respond to suspicious activities within the network.
- Consider Additional Security Solutions: In conjunction with EDR, organizations should evaluate the deployment of antiphishing and antivirus solutions to bolster their defenses against emerging threats.
- Conduct User Education: Robust user education can help mitigate the threat of
Robert W.’s Post
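The "block RDP files" and "prevent execution of RDP files" controls above assume a mail gateway or endpoint tool can recognise a risky .rdp attachment. As an added example that is not part of the post or of CISA's advisory, the Python below parses an .rdp file's key:type:value settings and flags a non-internal destination together with resource-redirection settings (drive, clipboard, RemoteApp mode); the trusted-host allowlist and both sample files are constructed.

```python
"""Flag e-mailed .rdp files whose settings expose local resources to a remote host."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Hypothetical allowlist of hosts this organisation actually publishes RDP on.
TRUSTED_HOSTS = {"rds.corp.example"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# High-risk settings in an .rdp file that arrived by e-mail; "1" (or any non-empty
# drivestoredirect value) enables the redirection toward the remote host.
RISKY_SETTINGS = {
    "drivestoredirect": "local drives are mapped into the remote session",
    "redirectdrives": "local drives are mapped into the remote session",
    "redirectclipboard": "clipboard contents are shared with the remote host",
    "redirectsmartcards": "smart cards are exposed to the remote host",
    "remoteapplicationmode": "RemoteApp mode hides the full remote desktop from the user",
}

def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse 'key:type:value' lines (type s, i or b) into {key: (type, value)}."""
    settings: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+):([sib]):(.*)$", line)
        if m:
            settings[m.group(1).strip().lower()] = (m.group(2), m.group(3).strip())
    return settings

def is_internal(host: str) -> bool:
    """True for an allowlisted name or an address inside the internal ranges."""
    host = host.rsplit(":", 1)[0] if host.count(":") == 1 else host  # drop a :port suffix
    if host.lower() in TRUSTED_HOSTS:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # unknown hostname: treat as external
    return any(addr in net for net in INTERNAL_NETS)

def assess_rdp(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    settings = parse_rdp(text)
    findings: List[str] = []
    addr = settings.get("full address", ("s", ""))[1]
    if not addr:
        findings.append("no 'full address': destination cannot be evaluated")
    elif not is_internal(addr):
        findings.append(f"connects to external host {addr}")
    for key, why in RISKY_SETTINGS.items():
        if key in settings and settings[key][1] not in ("", "0"):
            findings.append(f"{key}={settings[key][1]}: {why}")
    return findings

# Constructed samples: an external destination with drive/clipboard redirection on,
# and a file pointing at the organisation's own gateway with redirection off.
SUSPICIOUS_RDP = """\
full address:s:remote-support.example.net:3389
drivestoredirect:s:*
redirectclipboard:i:1
remoteapplicationmode:i:1
"""
BENIGN_RDP = """\
full address:s:rds.corp.example
drivestoredirect:s:
redirectclipboard:i:0
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_RDP), ("benign", BENIGN_RDP)):
        print(name, assess_rdp(sample) or ["no findings"])
```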
More Relevant Posts
-
New Post: #CISA: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments - https://lnkd.in/dX9FBuxD
10/31/2024 08:00 AM EDT

CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s network. Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network. CISA, government, and industry partners are coordinating, responding, and assessing the impact of this campaign.

CISA urges organizations to take proactive measures:

- Restrict Outbound RDP Connections: It is strongly advised that organizations forbid or significantly restrict outbound RDP connections to external or public networks. This measure is crucial for minimizing exposure to potential cyber threats. Implement a Firewall along with secure policies and access control lists.
- Block RDP Files in Communication Platforms: Organizations should prohibit RDP files from being transmitted through email clients and webmail services. This step helps prevent the accidental execution of malicious RDP configurations.
- Prevent Execution of RDP Files: Implement controls to block the execution of RDP files by users. This precaution is vital in reducing the risk of exploitation.
- Enable Multi-Factor Authentication (MFA): Multi-factor authentication must be enabled wherever feasible to provide an essential layer of security for remote access. Avoid SMS MFA whenever possible.
- Adopt Phishing-Resistant Authentication Methods: Organizations are encouraged to deploy phishing-resistant authentication solutions, such as FIDO tokens. It is important to avoid SMS-based MFA, as it can be vulnerable to SIM-jacking attacks.
- Implement Conditional Access Policies: Establish Conditional Access Authentication Strength to mandate the use of phishing-resistant authentication methods. This ensures that only authorized users can access sensitive systems.
- Deploy Endpoint Detection and Response (EDR): Organizations should implement Endpoint Detection and Response (EDR) solutions to continuously monitor for and respond to suspicious activities within the network.
- Consider Additional Security Solutions: In conjunction with EDR, organizations should evaluate the deployment of antiphishing and antivirus solutions to bolster their defenses against emerging threats.
- Conduct User Education: Robust user education can help mitigate the threat of
#CISA: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments
http://news247wp.com
-
Sharing for awareness. As an investment adviser, or quite frankly any business, this should be top of mind daily and your firm will want to have the most robust security protocols and employee awareness training. Never compromise, as your firm and your clients will be at risk. Also, as noted previously, this is a high priority with the SEC. #cco #investmentadviser #cybersecurity #phishing #sec #compliance #training
Urgent Advisory: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign

The Cybersecurity and Infrastructure Security Agency (CISA) has identified a major spear-phishing campaign targeting government entities, IT organizations, and other critical sectors. A foreign threat actor, impersonating trusted contacts, is distributing emails embedded with malicious Remote Desktop Protocol (RDP) files, aiming to infiltrate networked systems. Once access is obtained, the attacker could deploy malicious code, gaining persistent control over the target's network - a substantial risk to sensitive information and infrastructure.

Here's what organizations can do immediately to protect themselves:

- Restrict Outbound RDP Connections: Minimize exposure by blocking or limiting RDP connections to external networks. Consider implementing firewalls with secure policies and access control lists to further secure communication channels.
- Block RDP Files in Communication Platforms: Disable the transmission of RDP files through email and webmail to prevent accidental execution of harmful configurations.
- Prevent Execution of RDP Files: Implement restrictions that prevent users from executing RDP files to reduce potential exploit avenues.
- Enable Multi-Factor Authentication (MFA): MFA is essential, but avoid SMS-based MFA whenever possible to guard against SIM-jacking. Use phishing-resistant methods, such as FIDO tokens, to ensure robust security for remote access.
- Implement Conditional Access Policies: Enforce Conditional Access Authentication Strength to limit access to only authorized users, adding another layer of security.
- Deploy Endpoint Detection and Response (EDR): With EDR solutions, you can continuously monitor network activity and swiftly respond to suspicious events. This is crucial for detecting and addressing threats in real-time.
- User Education: Employee awareness is one of the strongest defenses against social engineering. Invest in a training program that teaches employees how to recognize and report phishing attempts.
- Search for Indicators of Malicious Activity: Use available threat indicators and tactics, techniques, and procedures (TTPs) to scan your network for unauthorized activity - especially for unusual outbound RDP connections from the past year.

As cyber threats grow increasingly sophisticated, proactive and layered defenses are our best strategy for securing our digital landscapes. By implementing these measures, organizations can stay a step ahead and safeguard their critical systems from potential attacks.

#AdvisorDefense #CyberSecurity #ThreatIntelligence #PhishingProtection #DataSecurity #CISA https://lnkd.in/e4kYiNe7
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments | CISA
cisa.gov
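The post's last recommendation, hunting for unusual outbound RDP connections, as an added example that is not part of the post or of CISA's advisory: the Python below scans firewall log lines for internal (RFC 1918) sources reaching TCP/3389 on non-internal destinations and groups the hits by source. The key=value line format and the log lines are constructed; LINE_RE would be adapted to the real firewall's export.

```python
"""Hunt firewall logs for RDP sessions leaving the internal network (constructed sample data)."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional

RDP_PORT = 3389
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical key=value line format; adapt this pattern to the real firewall's export.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) sport=\d+ dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed log lines: one internal-to-internal RDP session, two allowed internal-to-
# external RDP sessions, one denied attempt, and an unrelated HTTPS connection.
SAMPLE_LOG = """\
2024-10-28T09:14:02Z action=allow proto=tcp src=10.20.1.15 sport=51344 dst=10.20.5.8 dport=3389
2024-10-28T09:20:41Z action=allow proto=tcp src=10.20.1.15 sport=51402 dst=203.0.113.40 dport=3389
2024-10-28T09:21:03Z action=allow proto=tcp src=10.20.3.77 sport=49100 dst=198.51.100.12 dport=443
2024-10-29T16:05:18Z action=deny proto=tcp src=10.20.1.22 sport=50011 dst=203.0.113.40 dport=3389
2024-10-30T11:48:55Z action=allow proto=tcp src=10.20.1.22 sport=50090 dst=192.0.2.77 dport=3389
"""

def is_internal(ip: str) -> bool:
    """True only for addresses inside the RFC 1918 ranges listed above."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def find_outbound_rdp(log_text: str, include_denied: bool = False) -> List[Dict[str, str]]:
    """Return events where an internal source reached TCP/3389 on a non-internal destination."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["proto"] != "tcp" or int(ev["dport"]) != RDP_PORT:
            continue
        if not is_internal(ev["src"]) or is_internal(ev["dst"]):
            continue  # inbound or purely internal RDP is out of scope here
        if ev["action"] != "allow" and not include_denied:
            continue  # a denied attempt still shows a host that tried, hence the switch
        hits.append(ev)
    return hits

def summarize_by_source(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group external RDP destinations by internal source, the view triage starts from."""
    by_src: Dict[str, List[str]] = defaultdict(list)
    for ev in hits:
        by_src[ev["src"]].append(ev["dst"])
    return dict(by_src)

if __name__ == "__main__":
    for src, dsts in summarize_by_source(find_outbound_rdp(SAMPLE_LOG)).items():
        print(f"{src} -> {', '.join(dsts)}")
```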
-
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments
October 31, 2024, CISA
https://lnkd.in/etMBZWH7

CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s network. Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network.

CISA urges users and administrators to remain vigilant against spear-phishing attempts, hunt for any malicious activity, report positive findings to CISA, and review the following articles for more information:

- Microsoft: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files: https://lnkd.in/eMsfrYZB
- AWS Security: Amazon identified internet domains abused by APT29: https://lnkd.in/eees7Eu6
- The Centre for Cybersecurity Belgium: Warning: Government-themed Phishing with RDP Attachments: https://lnkd.in/eitNNX6u
- Computer Emergency Response Team of Ukraine: RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP": https://lnkd.in/eu-B8_aY
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments | CISA
cisa.gov
-
CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s network. Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network. CISA, government, and industry partners are coordinating, responding, and assessing the impact of this campaign.

CISA urges organizations to take proactive measures:

- Restrict Outbound RDP Connections
- Block RDP Files in Communication Platforms
- Prevent Execution of RDP Files
- Enable Multi-Factor Authentication (MFA)
- Adopt Phishing-Resistant Authentication Methods
- Implement Conditional Access Policies
- Deploy Endpoint Detection and Response (EDR)
- Consider Additional Security Solutions
- Conduct User Education
- Recognize and Report Phishing
- Hunt For Activity Using Referenced Indicators and TTPs

CISA is urging users and administrators to remain vigilant against spear-phishing attempts, hunt for any malicious activity, report positive findings to CISA, and review the following articles for more information:

- Microsoft: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
- AWS Security: Amazon identified internet domains abused by APT29
- The Centre for Cybersecurity Belgium: Warning: Government-themed Phishing with RDP Attachments
- Computer Emergency Response Team of Ukraine: RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP"

#StayCyberSafeMyFriends #cybersecurity #cybersecurityawareness
-
Session cookie replay attacks pose a considerable risk to digital security, allowing cybercriminals to exploit an unsuspecting user’s session information to impersonate them on a targeted website. The potential consequences are far-reaching, from compromising individual accounts to potentially gaining control over an entire Access Management system. While no security measure can be foolproof, a multi-faceted approach that combines strong user authentication, privilege management, monitoring, and rapid response can significantly reduce the vulnerability to session cookie replay attacks. Organizations must adapt and evolve their security strategies to stay one step ahead of these threats, ensuring the integrity and safety of their digital ecosystems. #Onelogin
Defending Your Organization Against Session Cookie Replay Attacks
https://www.onelogin.com/blog
-
Dive into the depths of cybersecurity with our latest blog post! Uncover the hidden threat of subtextual attacks lurking in digital communications. Stay ahead of cyber adversaries by understanding their covert tactics. Read now to fortify your defenses! #cybersecurity #threatanalysis #digitaldefense https://lnkd.in/gerFaFs2
The Hidden Threat in Plain Sight: Analyzing Subtextual Attacks in Digital Communications
cybersecurity.att.com
-
Managed Detection and Response, or MDR, is technology that can alert your security team of anomalous activity or threats in your network in real time. While banks and hospitals often dominate headlines concerning cyber incidents, other sectors are increasingly vulnerable to malicious actors. Establishing a strong cybersecurity program is imperative for any organization. Get all the information and more by clicking below! #MDR #manageddetectionresponse
What Is Managed Detection and Response (MDR)?
https://www.imagequest.com
-
#Cybersecurity Day 28: Man-in-the-Middle (MitM) Attacks

Imagine you're sharing sensitive information, believing it's secure, but someone secretly intercepts and possibly alters it. This is the essence of a Man-in-the-Middle (MitM) Attack—a cyberthreat that exploits communication vulnerabilities.

What Is a MitM Attack?
A MitM attack occurs when an attacker secretly intercepts or manipulates the communication between two parties, such as a user and a website or two devices on a network.

How MitM Attacks Work
- Interception: The attacker intercepts data being transmitted. This is often done on public Wi-Fi networks or via malware.
- Decryption: In advanced attacks, encrypted communication can be decrypted to access sensitive information like passwords, financial data, or private messages.
- Manipulation: Sometimes, attackers modify the data before passing it along, such as altering transactions or redirecting users to fake websites.

Types of MitM Attacks
- Wi-Fi Eavesdropping: Hackers set up fake public Wi-Fi hotspots to intercept data.
- Session Hijacking: Attackers steal a user’s session ID to gain unauthorized access to an account.
- DNS Spoofing: Users are redirected to malicious websites by altering DNS responses.
- HTTPS Stripping: Attackers downgrade secure HTTPS connections to less secure HTTP, making data easier to intercept.

How to Protect Against MitM Attacks
- Use Encrypted Connections: Always ensure websites use HTTPS.
- Avoid Public Wi-Fi: If you must use it, connect via a Virtual Private Network (VPN).
- Update Software: Keep your devices and apps updated to protect against vulnerabilities.
- Use Strong Authentication: Enable two-factor authentication (2FA) wherever possible.
- Validate Certificates: Pay attention to browser warnings about invalid security certificates.

Pro Tip: Invest in a reliable VPN to encrypt all your online activities, especially when on public networks.

Man-in-the-Middle attacks are stealthy but preventable. By being cautious with your connections and prioritizing encryption, you can stop attackers from eavesdropping on your digital conversations. #CyberSecurity #MitMAttacks #OnlineSafety #DataProtection #NetworkSecurity #InfoSec #CyberB