24.02.2022 In today’s live briefing update the Australian Prime Minister announced Australian companies could be hit with malicious cyber activity as a result of tensions which continue to escalate between Russia, Ukraine and NATO Members.
SureCity Networks are closely monitoring the situation and recommend all Australian & NZ businesses increase vigilance, monitoring and strengthen security posture where possible. For our MSSP customers, we are already taking care of the below;
- Geo-restrict inbound connections
- Restrict inbound connections from IP addresses that are provided by bulletproof hosting providers (TOR, etc..)
- Ingest related IOCs for threat hunts and monitoring correlation at the SIEM-level
- Ensure all (at least externally facing systems) are fully patched
- Ensure Threat Prevention (including Endpoint Protection) for all systems is configured for block, rather than alert
- Ensure your Incident Plan is updated and ready to go
- Ensure your Business Continuity Plan is tested and ready to go
- Ensure you are automating perimeter blocking for suspicious and known bad-actors. We have our own Threat Intelligence feed that we are offering for free. We have tracked and blocked for our customers an increase of 338.814% over the past 24 hours.