The firm advises organizations to check if EBS portals are publicly accessible (via https:///OA_HTML/AppsLocalLogin.jsp#) and if so, immediately restrict exposure. It is also critical to enforce MFA for all accounts; remove or “tightly control” internet access to EBS via hardened reverse proxies that bounce traffic; disable or secure password reset abilities and require secondary verification; monitor for anomalous logins and reset attempts; and deploy anti-ransomware tools.
As a standard practice, organizations should train users, especially executive staff, on threat actor tactics, so they are naturally wary of emails, texts, or voice calls that “play on fear, urgency, or claim knowledge of systems by name,” Info-Tech’s Avakian advised. Executives in particular should not “engage rashly” when receiving a threatening message.
In addition, security teams should investigate, validate, and look for any evidence of successful exfiltration. This can include examining logs and looking for unusual queries or large amounts of data being exported.
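The log review described above, as an added example that is not part of the original article: it reads access logs from a reverse proxy in front of EBS, assumed to be in combined log format, and flags client/hour buckets with unusually large response volume, many login POSTs, or many password-reset requests. The reset path, the export path, the thresholds and the sample lines are constructed placeholders.

```python
import re
from collections import defaultdict

# Combined-log-format line from the reverse proxy in front of EBS (assumed format).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hour>\d\d):[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
LOGIN_PATH = "/OA_HTML/AppsLocalLogin.jsp"   # login page named in the article
RESET_PATH = "/OA_HTML/EXAMPLE_RESET_PAGE"   # placeholder: set to your reset URL

def find_anomalies(lines, max_bytes=50_000_000, max_logins=5, max_resets=3):
    """Flag (ip, hour) buckets over a threshold. Thresholds are illustrative; tune to your baseline."""
    stats = defaultdict(lambda: {"bytes": 0, "logins": 0, "resets": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        s = stats[(m["ip"], f'{m["day"]}:{m["hour"]}')]
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        path = m["path"].split("?", 1)[0]  # ignore the query string when matching
        if m["method"] == "POST" and path == LOGIN_PATH:
            s["logins"] += 1
        if path.startswith(RESET_PATH):
            s["resets"] += 1
    flagged = {}
    for key, s in stats.items():
        reasons = []
        if s["bytes"] > max_bytes:
            reasons.append(f'{s["bytes"]} bytes sent')
        if s["logins"] > max_logins:
            reasons.append(f'{s["logins"]} login POSTs')
        if s["resets"] > max_resets:
            reasons.append(f'{s["resets"]} reset requests')
        if reasons:
            flagged[key] = reasons
    return flagged

# Constructed sample log lines (documentation-range IPs, made-up paths and sizes).
SAMPLE = (
    ['198.51.100.7 - - [01/Jan/2025:03:14:09 +0000] "GET /OA_HTML/EXAMPLE_EXPORT?id=1 HTTP/1.1" 200 60000000']
    + ['203.0.113.9 - - [01/Jan/2025:03:20:00 +0000] "GET /OA_HTML/EXAMPLE_RESET_PAGE HTTP/1.1" 200 900'] * 4
    + ['192.0.2.10 - - [01/Jan/2025:09:00:00 +0000] "POST /OA_HTML/AppsLocalLogin.jsp HTTP/1.1" 302 512']
)

if __name__ == "__main__":
    for (ip, hour), reasons in find_anomalies(SAMPLE).items():
        print(ip, hour, "; ".join(reasons))
```

Byte counts in proxy logs only cover HTTP responses, so this complements rather than replaces a review of database and application audit logs for unusual queries.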
