Jump to content

Welcome to ExtremeHW

Welcome to ExtremeHW, register to take part in our community, don't worry this is a simple FREE process that requires minimal information for you to signup.

 

Registered users can: 

  • Start new topics and reply to others.
  • Show off your PC using our Rig Creator feature.
  • Subscribe to topics and forums to get updates.
  • Get your own profile page to customize.
  • Send personal messages to other members.
  • Take advantage of site exclusive features.
  • Upgrade to Premium to unlock additional sites features.
Tech & Science News Posting Rules
IGNORED

FBI Warning—Gmail, Outlook And VPN Users Need To Act Now

Kaz

By Kaz
in Technology and Science

 Share

Recommended Posts

Kaz

Kaz

News Editor
325 309
Posted
Posted (edited)

 

  Quote

 

Mitigating Medusa—FBI Says Enable 2FA For Webmail And VPNs Now

When it comes to the immediate, as in right now, actions that all organizations should be taking in order to mitigate the Medusa ransomware attack campaigns, the FBI has recommended the following:

  • Require two-factor authentication for all services where possible, but in particular for webmail such as Gmail, Outlook and others, along with virtual private networks and any accounts that can access critical systems.
  • Require all accounts with password logins to use long passwords and consider not requiring frequently recurring password changes, as these can weaken security.
  • Retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location.
  • Keep all operating systems, software, and firmware up to date. Prioritize patching known exploited vulnerabilities in internet-facing systems.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool.
  • Monitor for unauthorized scanning and access attempts.
  • Filter network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.
  • Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege.
  • Disable command-line and scripting activities and permissions.
  • Disable unused ports.Despite FBI And CISA Advice, The Hackers Must Be Laughing

 

Expand  
0x0.jpg?format=jpg&height=600&width=1200

144X144-F.png FBI Warning—Gmail, Outlook And VPN Users Need To Act Now

WWW.FORBES.COM
As Medusa Ransomware continues to gather pace, the FBI has warned that 2FA must be enabled for all webmail and VPNs as a matter of...

 

Medusa is the latest ransomware terror.  They use social engineering and any technological weaknesses to accomplish their goals.  They even use the post office!  As always, if you work in IT, make backups that are kept offline.

 

Edited by Kaz
  • Thanks 1
See all user awards
Link to comment
Share on other sites
Kaz

Kaz

News Editor
325 309
Posted
  • Author
Posted

As always, the biggest fish make the best catch.  Smaller fish may be catch and release.  

 

Medusa doesn't have to encrypt a drive, it's ability to snag credentials and infiltrate networks is what makes it so dangerous.  It's estimated that 70-90% of attacks are social engineering attacks.  You aren't likely to be the primary target of medusa as an individual.  Malware as a service is typically aimed at businesses.  However they may use any employee's e-mail to spread to company's computers, which means the employees are an indirect target.  That's why this is a general notice to everyone.

 

Think of it like Indian scam call centers.  An 18-23 year old probably doesn't have the assets they are looking for, but if they can reach your grandma, they just might take her retirement.

 

See all user awards
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


×
×
  • Create New...

Important Information

This Website may place and access certain Cookies on your computer. ExtremeHW uses Cookies to improve your experience of using the Website and to improve our range of products and services. ExtremeHW has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law. For more information please see our Privacy Policy

  I accept