Russian Foreign Intelligence Service (SVR) cyberattackers are targeting American companies, hospitals among them, to gain network access they can exploit for espionage. To secure your hospital, the FBI, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency recommend 10 tips for users and administrators on implementing mitigation measures.
The SVR actors are targeting cloud services and email accounts to steal information, using compromised accounts and system misconfigurations to blend in with normal traffic in less-monitored environments and reduce the likelihood of being detected.
Ten recommendations to protect your organization against Russian cyberattackers:
- Cyberattackers are launching password spraying campaigns from many different IP addresses so that the attempts neither trip per-source lockouts nor stand out in logs. Mandatory multifactor authentication blunts these campaigns even when a password is guessed correctly.
- Prohibit remote access to administrative functions and resources from IP addresses and systems not owned by the organization.
- Regularly audit mailbox settings, account permissions and mail forwarding rules to look for evidence of unauthorized changes.
- Enforce the use of strong passwords to prevent easily guessed or common passwords, especially for administrative accounts.
- Regularly review the organization's password management program to confirm that the password policies are actually being enforced.
- Ensure the organization's IT support team has standard operating procedures for password resets and user account lockouts, so that support staff cannot be talked into resetting a password for an attacker.
- Maintain a regular cadence of security awareness training for all hospital employees.
- The attackers are also exploiting zero-day vulnerabilities; against these, the FBI recommends making sure alerting for unauthorized access is enabled on network hosts, since patching alone cannot stop an exploit that has no fix yet.
- Immediately configure newly added systems to the organization's security baseline when they join the network, so the baseline is maintained rather than eroded by unmanaged hosts.
- The SVR actors are also deploying WELLMESS malware. The FBI recommends deploying endpoint software that identifies suspicious behavior to catch such malware.
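Two of the tips above, watching for password spraying and auditing mail forwarding rules, lend themselves to a scripted check. The following script is an added example, not part of the advisory or of any FBI or CISA tooling. It runs two hunts over constructed sample data: a password-spray detector that buckets failed sign-ins into time windows and flags windows where many distinct accounts each see only one or two failures across many source IPs (the pattern that per-account lockout thresholds never catch), and a mailbox-rule audit that flags rules forwarding or redirecting mail outside the organization's domains or deleting the message after forwarding. The sign-in records, the inbox-rule export, the field names and the `example-hospital.org` domain are all invented for illustration; a real deployment would read the identity provider's sign-in log and an Exchange inbox-rule export instead.

```python
"""Password-spray detection and mailbox-rule audit over constructed sample data.
Added example; the log lines and rule export below are invented, not real telemetry."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events for a hypothetical tenant. The 02:00 window shows a
# spray: six accounts, six source IPs, one failure each, and one account then logs in.
# The 09:15 window is a single user mistyping a password twice (no alert expected).
SIGNIN_LOG = """
{"ts": "2021-04-26T02:00:05Z", "user": "a.brown@example-hospital.org", "ip": "203.0.113.10", "result": "failure"}
{"ts": "2021-04-26T02:01:12Z", "user": "b.chen@example-hospital.org", "ip": "198.51.100.22", "result": "failure"}
{"ts": "2021-04-26T02:02:40Z", "user": "c.diaz@example-hospital.org", "ip": "192.0.2.77", "result": "failure"}
{"ts": "2021-04-26T02:03:01Z", "user": "d.evans@example-hospital.org", "ip": "203.0.113.41", "result": "failure"}
{"ts": "2021-04-26T02:04:55Z", "user": "e.frank@example-hospital.org", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2021-04-26T02:05:30Z", "user": "f.garcia@example-hospital.org", "ip": "192.0.2.130", "result": "failure"}
{"ts": "2021-04-26T02:06:02Z", "user": "f.garcia@example-hospital.org", "ip": "192.0.2.130", "result": "success"}
{"ts": "2021-04-26T09:15:00Z", "user": "a.brown@example-hospital.org", "ip": "10.20.0.5", "result": "failure"}
{"ts": "2021-04-26T09:15:20Z", "user": "a.brown@example-hospital.org", "ip": "10.20.0.5", "result": "failure"}
{"ts": "2021-04-26T09:15:45Z", "user": "a.brown@example-hospital.org", "ip": "10.20.0.5", "result": "success"}
"""

# Constructed inbox-rule export (field names are an assumption, loosely modelled on
# an Exchange inbox-rule export). Two rules are malicious, two are benign.
ORG_DOMAINS = {"example-hospital.org"}
INBOX_RULES = [
    {"mailbox": "cfo@example-hospital.org", "name": "Backup", "enabled": True,
     "forward_to": ["cfo.backup@mail-example.net"], "delete_message": True},
    {"mailbox": "a.brown@example-hospital.org", "name": "Move newsletters", "enabled": True,
     "forward_to": [], "move_to_folder": "Newsletters", "delete_message": False},
    {"mailbox": "b.chen@example-hospital.org", "name": "Share with team", "enabled": True,
     "forward_to": ["team@example-hospital.org"], "delete_message": False},
    {"mailbox": "d.evans@example-hospital.org", "name": ".", "enabled": True,
     "forward_to": [], "redirect_to": ["drop@attacker-example.com"], "delete_message": False},
]


def _parse_signins(log_text):
    """Parse one JSON record per line and convert the timestamp to a datetime."""
    events = []
    for line in log_text.strip().splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(rec)
    return events


def detect_password_spray(log_text, window_minutes=30, min_users=5, max_tries_per_user=2):
    """Return one alert per time window that looks like a spray: at least min_users
    distinct accounts with failures, none of them with more than max_tries_per_user.
    Grouping is by window, not by source IP, because the attacker rotates IPs."""
    window = timedelta(minutes=window_minutes)
    epoch = datetime(1970, 1, 1)
    buckets = defaultdict(list)
    for ev in _parse_signins(log_text):
        buckets[(ev["ts"] - epoch) // window].append(ev)
    alerts = []
    for key in sorted(buckets):
        failures = defaultdict(int)  # user -> failed attempts in this window
        ips = set()
        success_after_failure = []   # accounts the spray may have got into
        for ev in sorted(buckets[key], key=lambda e: e["ts"]):
            if ev["result"] == "failure":
                failures[ev["user"]] += 1
                ips.add(ev["ip"])
            elif ev["result"] == "success" and ev["user"] in failures:
                success_after_failure.append(ev["user"])
        if failures and len(failures) >= min_users and max(failures.values()) <= max_tries_per_user:
            alerts.append({
                "window_start": (epoch + key * window).isoformat(),
                "distinct_users": len(failures),
                "distinct_ips": len(ips),
                "success_after_failure": success_after_failure,
            })
    return alerts


def audit_forwarding_rules(rules, org_domains):
    """Flag enabled rules that send mail outside org_domains, delete the message after
    forwarding (hiding the copy from the owner), or carry a near-empty name."""
    findings = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue
        targets = (rule.get("forward_to", []) + rule.get("redirect_to", [])
                   + rule.get("forward_as_attachment_to", []))
        external = [t for t in targets if t.rsplit("@", 1)[-1].lower() not in org_domains]
        reasons = []
        if external:
            reasons.append("forwards outside the organization: " + ", ".join(external))
        if targets and rule.get("delete_message"):
            reasons.append("deletes the message after forwarding")
        if len(rule.get("name", "").strip()) <= 1:
            reasons.append("near-empty rule name")
        if reasons:
            findings.append({"mailbox": rule["mailbox"], "rule": rule.get("name", ""), "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(json.dumps(detect_password_spray(SIGNIN_LOG), indent=2))
    print(json.dumps(audit_forwarding_rules(INBOX_RULES, ORG_DOMAINS), indent=2))
```

On the sample data the spray detector raises exactly one alert, for the 02:00 window (six users, six IPs, and f.garcia as the account that succeeded right after a failure), while the 09:15 window with one user failing twice stays quiet. The rule audit flags the CFO's external forward-and-delete rule and the single-character rule redirecting to an outside domain, and leaves the internal forward and the folder move alone. Tune `min_users`, `max_tries_per_user` and the window to the tenant's normal failure rate before relying on the thresholds.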