



The Cybersecurity and Infrastructure Security Agency (CISA) has updated its #StopRansomware guide to account for the fact that ransomware actors have accelerated their tactics and techniques since the original guide was released in September of 2020. The #StopRansomware guide is set up as a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover from them, including step-by-step approaches to address potential attacks.

Recommendations for preventing common initial infection vectors.

Updated recommendations to address cloud backups and zero trust architecture (ZTA).

Threat hunting tips for detection and analysis of ransomware actors.

Since the CISA list of recommendations is huge, we will focus on the new points, with links to further Malwarebytes resources, and add our own set of recommendations at the end.

Limit the use of RDP and other remote desktop services. If RDP is necessary, apply best practices. Threat actors often gain initial access to a network through exposed and poorly secured remote services, and later traverse the network using the native Windows RDP client. Threat actors also often gain access by exploiting virtual private networks (VPNs) or using compromised credentials.

Implement phishing-resistant multi-factor authentication (MFA) for all services, particularly for email, VPNs, and accounts that access critical systems. Escalate to senior management upon discovery of systems that do not allow MFA, systems that do not enforce MFA, and any users who are not enrolled with MFA.

Consider employing password-less MFA that replaces passwords with two or more verification factors (e.g., a fingerprint, facial recognition, device pin, or a cryptographic key).
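A hunting example for the RDP point above, added here and not taken from the CISA guide or the original article: it flags RDP logons that arrive from outside internal address space, and a single account and source address that logs on to several hosts over RDP. The event records, user and host names, internal ranges and the three-host threshold are constructed assumptions; event ID 4624 with logon type 10 is the Windows Security log record for a RemoteInteractive (RDP) logon.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real logs). Fields mirror Windows Security
# event 4624; LogonType 10 is RemoteInteractive, i.e. an RDP session.
SAMPLE_EVENTS = [
    {"event_id": 4624, "logon_type": 10, "user": "svc-backup", "src_ip": "203.0.113.45", "host": "FS01"},
    {"event_id": 4624, "logon_type": 10, "user": "svc-backup", "src_ip": "10.0.5.20", "host": "DC01"},
    {"event_id": 4624, "logon_type": 10, "user": "svc-backup", "src_ip": "10.0.5.20", "host": "SQL01"},
    {"event_id": 4624, "logon_type": 10, "user": "svc-backup", "src_ip": "10.0.5.20", "host": "HR-WS07"},
    {"event_id": 4624, "logon_type": 10, "user": "alice", "src_ip": "10.0.9.9", "host": "JUMP01"},
    {"event_id": 4624, "logon_type": 3, "user": "bob", "src_ip": "198.51.100.7", "host": "WEB01"},
    {"event_id": 4624, "logon_type": 10, "user": "carol", "src_ip": "-", "host": "WS02"},
]

# Assumption: the organization's internal IPv4 space is RFC 1918 plus loopback.
# Listed explicitly because ipaddress.is_private also covers documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
FANOUT_THRESHOLD = 3  # assumption: distinct hosts per (user, source) worth a look


def is_internal(ip_text):
    """True/False for a parseable address, None for blank or '-' fields."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return any(ip in net for net in INTERNAL_NETS)


def hunt_rdp(events, fanout_threshold=FANOUT_THRESHOLD):
    """Return (external RDP logons, internal RDP fan-out by user and source)."""
    external, hosts_by_origin = [], defaultdict(set)
    for ev in events:
        if ev.get("event_id") != 4624 or ev.get("logon_type") != 10:
            continue  # not an RDP logon
        internal = is_internal(ev.get("src_ip", ""))
        if internal is None:
            continue  # no usable source address to classify
        if internal:
            hosts_by_origin[(ev["user"], ev["src_ip"])].add(ev["host"])
        else:
            external.append((ev["user"], ev["src_ip"], ev["host"]))
    fanout = {origin: sorted(hosts) for origin, hosts in hosts_by_origin.items()
              if len(hosts) >= fanout_threshold}
    return external, fanout


if __name__ == "__main__":
    ext, fan = hunt_rdp(SAMPLE_EVENTS)
    print("RDP logons from external addresses:", ext)
    print("RDP fan-out from one internal source:", fan)
```

Tune the internal ranges and the threshold to the environment; jump hosts and administrators' workstations will legitimately exceed a low fan-out value and belong on an allow list.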
