FBI warns of Interlock threat – enable 2FA now.
There are some weeks that I almost feel like I have joined the Federal Bureau of Investigation, given the number of alerts that I am exposed to. Within just the last few days, I have shared a warning to 10 million Android users to disconnect their devices, another for all smartphone users as phantom hacker attacks continue, and now comes the FBI recommendation for Windows and Linux users to urgently enable two-factor authentication to complete the cyber-trilogy. Here’s everything you need to know when it comes to mitigating the Interlock ransomware threat.
FBI And CISA Issue Joint Interlock Ransomware Warning
A relatively new ransomware threat is, according to the Cybersecurity and Infrastructure Security Agency, on the rise and targeting both businesses and critical infrastructure providers with double-extortion attacks. A July 22 joint cybersecurity advisory, issued alongside the FBI under alert code aa25-203a, was prompted by ongoing FBI investigations that have identified both indicators of compromise and the tactics, techniques and procedures used by the attackers. “The FBI is aware of Interlock ransomware encryptors designed for both Windows and Linux operating systems,” the alert confirmed.
Although I would heartily recommend reading the full alert for all the technical details, the attacks can be summed up as employing drive-by-downloads and ClickFix social engineering to gain initial access. Once the system has been breached, the attackers then deployed credential stealers and keyloggers to obtain account credentials and execute the necessary lateral movement and privilege escalation required to deploy the ransomware and exfiltrate data.
This article, however, is less about the how or why (they are after money, duh!) and more concerned with mitigation. Luckily, the FBI has some excellent and detailed advice about how to prevent such attacks, so let’s take a look at what you need to do.
Mitigating The Interlock Ransomware Threat — The FBI Recommendations
Prevention is always better than cure, and that is never truer than when applied to the world of cybersecurity. Mitigating a threat is the priority for every security team; nobody wants to be dealing with the fallout of failing to do so. The FBI is aware of this, which is why the cybersecurity alert features a large, red bullet point mitigation table at the top of the advisory. It’s also why it’s the focus of this article.
While the “actions for organizations to take today” list is, of course, extremely valuable, it is not the complete mitigation picture. For that you need to dig deeper into the alert itself. Personally, I would move number four up to number one as well, especially the advice to employ 2FA across accounts, as this is crucial in preventing the lateral movement and privilege escalation that enables a successful ransomware attack.
But anyhoo, let’s explore the full FBI mitigation advice in our own bullet point list, shall we?
- Require multi-factor authentication, or 2FA as many still refer to it, across all services and accounts where possible, but particularly “webmail, virtual private networks, and accounts that access critical systems.”
- Employ web access firewalls to prevent process injection from malicious domains, along with domain name system filtering to block access in the first place.
- Ensure all accounts comply with NIST password standards.
- Keep all operating systems, firmware and software up to date through a managed and prioritized patching system.
- Employ network segmentation to prevent lateral movement by adversaries.
- Review domain controllers, servers, workstations, and active directories for new or unrecognized accounts.
- Disable unused ports.
- Disable utilities that run from the command line, making it harder for adversaries to escalate privileges and move laterally through the network.
And, as the FBI notes, implement a recovery plan!
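As an added illustration of the “review for new or unrecognized accounts” item above (example code of my own, not from the FBI or CISA advisory): a POSIX shell check that diffs the local account list against a known-good baseline and also flags any non-root account with UID 0. Both passwd listings below are constructed sample data, not real host contents.

```shell
#!/bin/sh
# Constructed baseline: a copy of /etc/passwd taken at a trusted point in time
# (in practice stored off-host so an intruder cannot edit it to match).
BASELINE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

# Constructed "current" state: one new interactive account plus one
# root-equivalent (UID 0) entry that is not named root.
CURRENT_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001::/home/svc_backup:/bin/bash
sysadm:x:0:0::/root:/bin/bash'

# new_accounts BASELINE CURRENT
# Prints, one per line, usernames present in CURRENT but absent from BASELINE.
new_accounts() {
    printf '%s\n' "$2" | awk -v base="$1" -F: '
        BEGIN {
            n = split(base, lines, "\n")
            for (i = 1; i <= n; i++) { split(lines[i], f, ":"); known[f[1]] = 1 }
        }
        NF >= 3 && !($1 in known) { print $1 }'
}

# uid0_accounts PASSWD
# Prints any account whose UID field is 0 other than root itself.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 && $3 == 0 && $1 != "root" { print $1 }'
}

# audit_accounts BASELINE CURRENT
# Reports findings and returns 0 only when nothing unexpected was found.
audit_accounts() {
    findings=0
    for u in $(new_accounts "$1" "$2"); do
        echo "NEW ACCOUNT: $u (not in baseline)"; findings=$((findings + 1))
    done
    for u in $(uid0_accounts "$2"); do
        echo "UID 0 ACCOUNT: $u (root-equivalent, not root)"; findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone run over the constructed data; a non-zero exit signals findings.
audit_accounts "$BASELINE_PASSWD" "$CURRENT_PASSWD" || echo "review the accounts listed above"
```

On a live host, pass the stored baseline and the output of `cat /etc/passwd` as the two arguments; the same diff approach extends to sudoers membership or to Active Directory user exports on Windows.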