Do You Have MFA Enabled On ALL Remote Access?


NetStandard’s Security Minute Series

The DoJ announced that it recovered “most” of the $4.4 million ransom that Colonial Pipeline paid, by seizing the Bitcoin wallet: US recovers most of Colonial Pipeline’s $4.4M ransomware payment (bleepingcomputer.com)

  • This news is potentially huge, or potentially a one-time event. Time will tell. Hopefully it sends a message to the ransomware threat actors that the United States is getting serious.

Colonial Pipeline also announced the root cause of its attack: a single legacy account that was enabled for VPN and did not have MFA. One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators (yahoo.com)

  • All it takes is one account, one vulnerable weak point, for an attacker to get in. Make sure you have MFA enabled on ALL remote access, not just most!

If you have VMware vCenter, make sure it’s patched. A recent critical-severity vulnerability is being actively exploited: This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica

It’s Patch Tuesday! Six zero-days this time. You know what to do: Microsoft patches six Windows zero-days, including a commercial exploit | The Record by Recorded Future

For those of you who have not gone through a ransomware incident (lucky you!), there’s a fascinating live-blog of a company going through it right now: Driftinfo – AK Techotel

  • Look at the time stamps on the posts. Even after the company agreed to pay the ransom, look at how long it took to get the decryption started, and how many problems they still had after that. Paying the ransom does not get you back up and running quickly!

Deep dive: Logging on to Windows – Microsoft Tech Community

On another note…

NetStandard

For over 25 years, NetStandard has been providing a wide range of technical solutions to various industries in the Kansas City metro area.