FBI Issues Cybersecurity Alert to K-12 and Higher Education Institutions
This week, the FBI issued an alert to education sector organizations in the US warning of an increase in multi-stage, double-extortion attacks leveraging the PYSA ransomware variant. According to the reports, the initial threat vectors are two methods very commonly used against educational institutions: phishing emails and RDP endpoints hijacked via compromised credentials. Open-source advanced port scanners and advanced IP scanners are then used for network reconnaissance, before further open-source tools such as PowerShell Empire, Koadic, and Mimikatz are installed to upload additional malware, harvest passwords, and more. The FBI also warns that the threat actors seek to disable anti-virus capabilities on the affected network before deploying the ransomware.
What can you do to ensure you’re protected?
- An email phishing awareness refresher is never a bad thing. Here is a great phishing IQ test that you can share with your staff. We also recommend running regular simulated phishing campaigns against your staff to keep them sharp.
- If you are using open RDP (RDP exposed directly to the internet), move away from it and provide remote access via a VPN solution that enforces Multi-factor Authentication (MFA).
- Have a professional review your edge security (firewall) to make certain that no unnecessary public access is open on your network(s).
- Utilize an endpoint security solution that no longer relies solely on a signature database for protection. Logically's trusted next-gen endpoint security solution of choice is SentinelOne.
- Review your endpoint security solution to ensure it is built to protect against the installation of open-source tools and ransomware.
Open-source tools like the ones noted above are so effective because they often go undetected. Intrusion detection and response solutions ensure these unauthorized tools do not go unnoticed and can, in some cases, even prevent their installation.
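As an added illustration (not part of the original post or of any vendor's product), the Python snippet below shows the kind of detection logic an intrusion detection and response tool applies to the indicators described above: an RDP logon from outside the internal address space, execution of a tool such as Mimikatz, Koadic or PowerShell Empire, and an anti-virus service being stopped ahead of the ransomware drop. The sample events, the RFC 1918 definition of "internal", and the watched service names are constructed assumptions for the example.

```python
import ipaddress
import re

# Constructed sample telemetry (not real logs), normalized to dicts.
SAMPLE_EVENTS = [
    {"type": "logon", "user": "jdoe", "logon_type": 10, "src_ip": "203.0.113.45"},
    {"type": "logon", "user": "admin", "logon_type": 10, "src_ip": "10.20.30.40"},
    {"type": "process", "host": "LAB-PC-07",
     "image": r"C:\Users\jdoe\AppData\Local\Temp\mimikatz.exe"},
    {"type": "process", "host": "LAB-PC-07", "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "service", "host": "LAB-PC-07", "name": "WinDefend", "state": "stopped"},
]

# Assumption: 'internal' means the RFC 1918 ranges; add VPN pools as needed.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Tools named in the FBI alert, matched case-insensitively in the image path.
TOOL_PATTERNS = re.compile(r"mimikatz|koadic|empire", re.IGNORECASE)
# Endpoint-protection services whose stop must not go unnoticed (assumed
# names: WinDefend is Windows Defender; tailor the set to your own stack).
PROTECTION_SERVICES = {"windefend", "sentinelagent"}
RDP_LOGON_TYPE = 10  # Windows event 4624 LogonType 10 = RemoteInteractive (RDP)

def is_internal(ip_text):
    """True when the address falls inside one of the internal networks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def check_event(ev):
    """Return a one-line finding for a suspicious event, or None."""
    kind = ev.get("type")
    if kind == "logon" and ev.get("logon_type") == RDP_LOGON_TYPE:
        if not is_internal(ev["src_ip"]):
            return f"RDP logon for {ev['user']} from external address {ev['src_ip']}"
    elif kind == "process":
        hit = TOOL_PATTERNS.search(ev.get("image", ""))
        if hit:
            return f"open-source attack tool '{hit.group(0).lower()}' started on {ev['host']}"
    elif kind == "service":
        if ev.get("state") == "stopped" and ev.get("name", "").lower() in PROTECTION_SERVICES:
            return f"protection service {ev['name']} stopped on {ev['host']}"
    return None

def triage(events):
    """Run every event through the checks and keep the findings in order."""
    return [f for f in (check_event(e) for e in events) if f]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Running the script prints three findings for the sample events (the external RDP logon, the Mimikatz launch, and the stopped Defender service) while the internal logon and the benign process produce nothing.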
As always, please contact us if you’d like us to review your current defense and visibility tools to ensure you’re not negatively impacted by this latest cyberthreat.