The two agencies also shared a list of measures that can help admins mitigate BlackByte attacks: 2-14-2022

The two agencies also shared a list of measures that can help admins mitigate BlackByte attacks: 2-14-2022

Thanks to Bleeping Computer

1. Implement regular backups of all data to be stored as air gapped, password protected copies offline.
2. Ensure these copies are not accessible for modification or deletion from any system where the original data resides.
3. Implement network segmentation, such that all machines on your network are not accessible from every other machine.
4. Install and regularly update MspPortal Partners/Bitdefender antivirus software on all hosts, and enable real time detection.
5. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released be careful of this look at KB’s first.
6. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts.
7. Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Do not give all users administrative privileges.
8. Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs for any unusual activity.
9. Consider adding an email banner to emails received from outside your organization.
10. Disable hyperlinks in received emails MspPortal Partners/Barracuda
11. Use double authentication when logging into accounts or services.
12. Ensure routine auditing is conducted for all accounts
13. Ensure all the identified IOCs are input into the network SIEM for continuous monitoring and alerts.
14. Do you want Security Updates Emailed to you Subscribe to blog (bottom  of News page)
    

     

    Roy Miehe | MspPortal Partners Inc. | Ceo/President

    Bitdefender /MSP Aggregator – Distributor

    “Where Service and Technical Skills Count”