As always, we use discretion in our curation and posting of US-CERT announcements.  But we always prioritize Joint CSAs from the Five Eyes or domestic U.S. joint intelligence collaborations.  The larger efforts only put out a Joint CSA if they really want to surface the issues at hand as soon as possible and really encourage organizations to take immediate action.

Earlier this week, we included this Joint CSA in the News Brief this week:  New Ransomware Warning for Critical Infrastructure Providers.

We know our readership has busy weeks.  This post is designed as a non tl;dr reminder about this joint CSA for a quick review when time permits as you wind down your week today.

From the Press Release:

With the FBI Cyber Division, National Security Agency, Australian Cyber Security Centre, and the United Kingdom’s National Cyber Security Centre, we issued a joint Cybersecurity Advisory on the tactics and techniques used by ransomware groups in 2021.  The observations in this advisory demonstrate cyber criminals’ growing technological sophistication and the increased ransomware threat to organizations globally.

The cyber authorities observed that these ransomware groups have increased their impact by targeting cloud infrastructure, industrial processes, and software supply chains. Phishing emails, remote desktop protocol (RDP) exploitation, and exploiting of known vulnerabilities in software remained the top three initial infection vectors for gaining access. Once a ransomware threat actor has gained network access, they can deploy ransomware.

Every executive and leader should assess and ensure their business, organization, or government agency is taking appropriate and timely action to reduce their risk to ransomware.

Immediate Actions You Can Take Now to Protect Against Ransomware:

• Update your operating system and software.
• Implement user training and phishing exercises to raise awareness about the risks of suspicious links and attachments.
• If you use Remote Desktop Protocol (RDP), secure and monitor it.
• Make an offline backup of your data.
• Use multifactor authentication (MFA).

A direct link to Joint CSA AA22-040A: 2021_Trends_Show_Increased_Globalized_Threat_of_Ransomware.pdf (cisa.gov)

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community