The Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security today issued a warning to all industries that operate critical infrastructure about a new ransomware threat that, if not addressed, could have serious consequences.
The warning comes in response to a cyberattack targeting an unnamed gas pressure facility, in which phishing was used to deliver ransomware to the company's internal network, encrypting important data and taking servers out of service for about two days.
“The cyber threat actor used phishing to obtain initial access to the enterprise’s IT network before moving to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data, affecting both networks,” CISA said in its alert.
As ransomware attacks continue to increase in frequency and scope, the new development is another indication that phishing attacks are still an effective way to bypass security barriers, and that hackers do not always need to exploit security vulnerabilities to breach organizations.
CISA indicated that the attack did not affect any programmable logic controllers (PLCs) and that the victim did not lose control of its operations. But after the incident, the company was reported to have started a deliberate shutdown, resulting in lost productivity and revenue.
Noting that the impact was confined to Windows-based systems and assets located within a single geographic location, it said the company was able to overcome the attack by obtaining replacement equipment and loading the last known good configurations.
Although the notification is backed by specific details of the attack, this is not the first time that phishing links have been used to deliver ransomware. Lake City's network went down last June after an employee mistakenly opened a suspicious email that downloaded the Emotet Trojan, which in turn downloaded the TrickBot Trojan and Ryuk ransomware.
The evolving threat landscape means that companies must take into account the full range of threats to their operations, including maintaining regular data backups and designing failover mechanisms for use during a shutdown.
In addition to securing the email channel and identifying and protecting the most heavily attacked targets, this also emphasizes the need for appropriate anti-phishing measures that stop social engineering attempts from reaching their targets' inboxes and that enable people to spot the email messages that get through.
In addition, it is essential that vulnerable organizations protect the digital supply chain by segmenting critical network infrastructure using firewalls and conducting periodic security audits to identify vulnerabilities and weaknesses.
