Industrial Control Systems Cyber Emergency Response TeamAA24-131A#StopRansomware: Black Basta
Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware:
- Install updates for operating systems, software, and firmware as soon as they are released.
- Require phishing-resistant MFA for as many services as possible.
- Train users to recognize and report phishing attempts.
References
attack.mitre.org/versions/v12/techniques/T1190/
attack.mitre.org/versions/v15/matrices/enterprise/
attack.mitre.org/versions/v15/techniques/T1036/
attack.mitre.org/versions/v15/techniques/T1036/
attack.mitre.org/versions/v15/techniques/T1059/001/
attack.mitre.org/versions/v15/techniques/T1059/001/
attack.mitre.org/versions/v15/techniques/T1068/
attack.mitre.org/versions/v15/techniques/T1068/
attack.mitre.org/versions/v15/techniques/T1078/
attack.mitre.org/versions/v15/techniques/T1190/
attack.mitre.org/versions/v15/techniques/T1486/
attack.mitre.org/versions/v15/techniques/T1486/
attack.mitre.org/versions/v15/techniques/T1490/
attack.mitre.org/versions/v15/techniques/T1490/
attack.mitre.org/versions/v15/techniques/T1562/001/
attack.mitre.org/versions/v15/techniques/T1562/001/
attack.mitre.org/versions/v15/techniques/T1566/
attack.mitre.org/versions/v15/techniques/T1566/001/
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/269.html
cwe.mitre.org/data/definitions/269.html
cwe.mitre.org/data/definitions/288.html
cwe.mitre.org/data/definitions/330.html
github.com/cisagov/Decider/
hphcyber.hhs.gov/performance-goals.html
nvd.nist.gov/vuln/detail/CVE-2020-1472
nvd.nist.gov/vuln/detail/CVE-2021-34527
nvd.nist.gov/vuln/detail/CVE-2021-42278
nvd.nist.gov/vuln/detail/CVE-2021-42287
nvd.nist.gov/vuln/detail/CVE-2024-1709
nvd.nist.gov/vuln/detail/CVE-2024-1709
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=%23StopRansomware%3A%20Black%20Basta+https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware/
unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware/
www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/black-basta
www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/black-basta
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals#BasicCybersecurityTraining2I
www.cisa.gov/cross-sector-cybersecurity-performance-goals#MitigatingKnownVulnerabilities1E
www.cisa.gov/cross-sector-cybersecurity-performance-goals#PhishingResistantMultifactorAuthenticationMFA2H
www.cisa.gov/cross-sector-cybersecurity-performance-goals#SystemBackups2R
www.cisa.gov/forms/report
www.cisa.gov/known-exploited-vulnerabilities-catalog
www.cisa.gov/known-exploited-vulnerabilities-catalog
www.cisa.gov/news-events/cybersecurity-advisories/aa23-242a
www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
www.cisa.gov/resources-tools/resources/enhance-email-web-security
www.cisa.gov/resources-tools/resources/guide-securing-remote-access-software
www.cisa.gov/resources-tools/resources/mitigation-guide-healthcare-and-public-health-hph-sector
www.cisa.gov/resources-tools/resources/phishing-guidance-stopping-attack-cycle-phase-one
www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf
www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc
www.cisa.gov/stopransomware
www.cisa.gov/stopransomware/ransomware-guide
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a&title=%23StopRansomware%3A%20Black%20Basta
www.fbi.gov/contact-us/field-offices
www.ic3.gov/
www.instagram.com/cisagov
www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
www.oig.dhs.gov/
www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbasta
www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbasta
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=%23StopRansomware%3A%20Black%20Basta&body=www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Related
