"New Ransomware Warning for Critical Infrastructure Providers"

The UK, US, and Australian authorities have issued a new warning for critical infrastructure (CNI) providers after a surge in ransomware attacks over the past year.  The joint cybersecurity advisory comes from the UK’s National Cyber Security Centre (NCSC), the Australian Cyber Security Centre (ACSC), and the FBI, NSA, and US Cybersecurity and Infrastructure Security Agency (CISA).  The agencies reported that 14 out of 16 US CNI sectors were hit by ransomware in 2021, while education was the number one target in the UK.  Phishing, stolen or brute-forced remote desktop protocol (RDP) credentials, and vulnerability exploitation remain the top threat vectors, with the agencies warning of growth in ransomware-as-a-service affiliates.  The joint cybersecurity advisory also warns that different ransomware groups in Eurasia are sharing information with each other.  However, it’s not clear in many instances if the groups are distinct or have merely rebranded.  The joint cybersecurity advisory also contains an extensive list of industry best practices that could help CNI firms mitigate the risk of ransomware compromise.  The agencies stated that ransomware groups have also increased their impact by targeting vulnerabilities in cloud applications, virtual machine software, orchestration software, and cloud accounts and APIs.  

Infosecurity reports: "New Ransomware Warning for Critical Infrastructure Providers"