2-14-2022. Thanks to Bleeping Computer.
The two agencies also shared a list of measures that can help admins mitigate BlackByte attacks:
- Implement regular backups of all data to be stored as air gapped, password protected copies offline.
- Ensure these copies are not accessible for modification or deletion from any system where the original data resides.
- Implement network segmentation, such that all machines on your network are not accessible from every other machine.
- Install and regularly update MspPortal Partners/Bitdefender antivirus software on all hosts, and enable real time detection.
- Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Be careful with this: look at the KBs first.
- Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts.
- Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Do not give all users administrative privileges.
- Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs for any unusual activity.
- Consider adding an email banner to emails received from outside your organization.
- Disable hyperlinks in received emails (MspPortal Partners/Barracuda).
- Use double authentication when logging into accounts or services.
- Ensure routine auditing is conducted for all accounts.
- Ensure all the identified IOCs are input into the network SIEM for continuous monitoring and alerts.
- Do you want security updates emailed to you? Subscribe to the blog (bottom of the News page).
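
As an added example (not part of the agencies' advisory or the original post), the account-review, admin-audit and RDP-monitoring items above can be turned into one pass over exported Windows Security events. The record field names, the account baseline and the allowed RDP subnet are assumptions constructed for illustration; the event IDs are the standard Windows audit IDs.

```python
import ipaddress

# Standard Windows Security audit event IDs.
ACCOUNT_CREATED = 4720                     # a user account was created
GROUP_MEMBER_ADDED = {4728, 4732, 4756}    # member added to global/local/universal group
LOGON_SUCCESS = 4624                       # logon_type 10 = RemoteInteractive (RDP)

# Constructed baseline (assumption): replace with your own inventory.
KNOWN_ACCOUNTS = {"alice", "bob", "svc-backup"}
ADMIN_GROUPS = {"Administrators", "Domain Admins"}
RDP_ALLOWED_NETS = [ipaddress.ip_network("10.10.5.0/24")]  # e.g. jump hosts

# Constructed sample records, shaped like a flattened event export.
SAMPLE_EVENTS = [
    {"id": 4720, "time": "2022-02-14T02:11:09", "account": "helpdesk2"},
    {"id": 4732, "time": "2022-02-14T02:11:40", "account": "helpdesk2",
     "group": "Administrators"},
    {"id": 4732, "time": "2022-02-14T08:00:00", "account": "alice",
     "group": "Backup Operators"},
    {"id": 4624, "time": "2022-02-14T08:30:12", "account": "alice",
     "logon_type": 10, "src_ip": "10.10.5.20"},
    {"id": 4624, "time": "2022-02-14T02:13:05", "account": "helpdesk2",
     "logon_type": 10, "src_ip": "203.0.113.44"},
    {"id": 4624, "time": "2022-02-14T09:00:00", "account": "bob", "logon_type": 2},
]

def rdp_source_allowed(src_ip):
    """True only if src_ip parses and sits inside an allowed subnet."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # missing or malformed source address is treated as suspicious
    return any(addr in net for net in RDP_ALLOWED_NETS)

def review(events, known=KNOWN_ACCOUNTS):
    """Return (kind, account, time) findings for the three checklist items."""
    findings = []
    for ev in events:
        eid, user = ev.get("id"), ev.get("account", "").lower()
        if eid == ACCOUNT_CREATED and user not in known:
            findings.append(("new-account", user, ev["time"]))
        elif eid in GROUP_MEMBER_ADDED and ev.get("group") in ADMIN_GROUPS:
            findings.append(("admin-grant", user, ev["time"]))
        elif eid == LOGON_SUCCESS and ev.get("logon_type") == 10:
            if user not in known or not rdp_source_allowed(ev.get("src_ip", "")):
                findings.append(("rdp-logon", user, ev["time"]))
    return findings

if __name__ == "__main__":
    for kind, user, when in review(SAMPLE_EVENTS):
        print(f"{when}  {kind:12} {user}")
```

Findings of this kind are what the SIEM item in the list would alert on continuously; the script form is useful for a one-off review of an export.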
Roy Miehe | MspPortal Partners Inc. | CEO/President
Bitdefender /MSP Aggregator – Distributor
“Where Service and Technical Skills Count”