As we increasingly rely on digital tools for our everyday tasks, the cyber landscape is evolving and growing more complex by the day. As such, it is critical for us to keep up with the latest cybersecurity news and developments. A recent incident that made headlines involves a cybercriminal group known as BianLian.
On May 18, 2023, three major security organizations – the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre (ACSC) – issued recommendations aimed at helping critical infrastructure organizations protect their networks against ransomware attacks and data extortion threats posed by BianLian [1].
What makes BianLian different from other ransomware groups is that it primarily relies on the technical exploitation of remote access tools rather than phishing emails, according to John Riggi, the national advisor for cybersecurity and risk at the American Hospital Association (AHA) [2]. This represents a shift in tactics that organizations must be aware of and prepared for.
But there’s more. The BianLian group has taken ransomware attacks a step further by focusing on data extortion. This involves the theft of sensitive data and the threat to publicize it unless a ransom is paid. This evolving approach underscores the need for enhanced security measures and greater vigilance.
How can organizations protect themselves? Riggi offers several key recommendations:
- Strict Control of Remote Access Software: In light of BianLian’s reliance on the exploitation of remote access tools, it’s essential to have strict controls in place. This includes not only implementing robust security measures but also continuously monitoring these systems.
- Limited External Access: Restricting external access as much as possible can significantly reduce the risk of an attack. This involves implementing measures such as firewall restrictions and VPN usage.
- Phishing-Resistant Multifactor Authentication: Multifactor authentication has long been a foundational cybersecurity practice. It’s even more crucial now to employ this measure, given the evolving tactics of ransomware groups.
In conclusion, as cyber threats evolve, so too must our defensive strategies. The recent activities of the BianLian group serve as a reminder that cybersecurity is a dynamic field, requiring continuous learning, adaptation, and vigilance. Let’s take these recent recommendations to heart and ensure we’re doing everything we can to protect our networks, our data, and ultimately, our organizations.