Facebook-f Twitter Linkedin
Sales: (877) 516-0218
General: (678) 695-5500
GET IN TOUCH
Facebook-f Twitter Linkedin

Department of Homeland Security Issues Ransomware Alert

double exposure, businessman is touching scan identity to open hologram and unlock data online global to link viral information, cybersecurity technology background.

Cybersecurity

The Department of Homeland Security (DHS), National Cybersecurity and Communications Integration Center (NCCIC), and the Federal Bureau of Investigation (FBI) are issuing a national cybersecurity activity alert regarding the infamous SamSam ransomware that took down Atlanta and other large institutions.

According to the alert, threat actors exploit Windows servers to gain persistent access to a victim’s network and infect all reachable hosts. Since mid-2016, FBI analyses of victim’s machines indicates that cyber actors use Remote Desktop Protocol (RDP) to gain persistent access to victim’s networks. Typically, actors either use brute force attacks or stolen login credentials.

Detecting RDP intrusions can be challenging because the malware enters through an approved access point. After gaining access, SamSam actors will:

  1. Escalate privileges for administrator rights
  2. Drop malware onto the server
  3. Run an executable file—all without victim’s action or authorization

RDP allows cyber actors to infect victims with minimal detection. 

DHS and FBI recommend that users and admins follow best practices to strengthen the security posture of their organization’s systems. Please consider the following:

  • Audit your network for systems that use RDP for remote communication. Disable the service if unneeded or install available patches. Work with your technology vendor to confirm that patches will not affect system processes.
  • Verify that all cloud-based virtual machine instances with public IPs have no open RDP ports, especially post 3389, unless there is a valid business reason to keep open RDP ports. Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access.
  • Enable strong passwords and account lockout policies to defend against brute force attacks
  • Apply two-factor authentications where possible.
  • Regularly apply system and software updates
  • Disable file and printer sharing services. If required, use strong passwords or Active Directory authentication.

For more information on the risk printers and fax machines pose to your network, check out the 1Path blog.

RECENT POSTS

SHARE ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Join 30K Business & IT Professionals by signing up for our email list to receive updates on IT and Cybersecurity directly in your inbox.

1Path_Logo_Horizontal
Facebook Twitter Linkedin

USEFUL RESOURCES

SERVICES & SOLUTIONS

HOME
ABOUT
CLIENT STORIES
FAQ
CLIENT PORTAL: ATLAS
BLU NORTH CONSULTING
IT OUTSOURCING
CO-MANAGED IT SUPPORT
TIER-1 SERVICE DESK
CLOUD SOLUTIONS
CYBER SECURITY

NAVIGATE TECHNOLOGY WITH CONFIDENCE

1Path isn’t simply an IT provider; we’re an end-to-end technology partner, and we’re invested in your company’s goals and growth. Contact us today to see how we can help alleviate your technology frustrations.

CONTACT US

© 2020 1Path

Privacy Policy

Partner Terms of Use

Licensing Information

NAVIGATE TECHNOLOGY
WITH CONFIDENCE.
CONTACT US.