
Gamaredon Steals Data Too Quickly
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
Organizations should adopt Attack Surface Management and build it into a continuous, closed-loop process.
A unified threat management strategy should be implemented, covering vulnerability and risk reduction processes, malware detection, and exploitation prevention technologies.
Digital Risk Protection (DRP) should be included in the general security posture to provide proactive defense against external threats.
A holistic security strategy should be implemented, including reducing the attack surface, effective patch management, active network monitoring, next-generation security solutions, and ready-to-use incident response plans.
Risk-based vulnerability management should be built on a thorough understanding of the organization's assets and should take advantage of global cyber threat intelligence.
The effectiveness of the risk-based information security strategy, the implementation of security controls, and the application of security technologies should be monitored proactively, and corrective actions should be taken where they fall short.
The traditional security awareness model should be exceeded with advanced simulation and training exercises, and real attack scenarios should be imitated.
Detection processes should be tested and improved to ensure awareness of abnormal events. Patches should be applied to software/applications as soon as updates arrive.
Security automation should be considered to improve incident response and increase the visibility of security metrics.
Protection measures should be created by monitoring and blocking the provided IOCs, and defenses should be strengthened using the supplied tactical intelligence.
Behavioral anomaly-based detection technologies should be implemented to detect ransomware attacks.
A combination of controls such as reCAPTCHA, device fingerprinting, IP blacklisting, rate limiting, and account locking should be applied to prevent automated brute-force attacks.
Email and web content filtering should be prioritized to block content from known and potentially malicious sources.
Multi-factor authentication (MFA) should be enabled for all accounts.
Ensure that patches are distributed on time by prioritizing Internet-facing infrastructure and sensitive systems.
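The brute-force guidance above (rate limiting, account locking, IP blacklisting) is easiest to reason about in code. The following is an added example written for this page, not code from the report or from any vendor product. It shows a minimal pre-authentication guard that checks a source-IP blocklist, throttles failed attempts per IP in a sliding window, and locks an account after repeated failures. All thresholds, IP addresses, usernames and the attempt log are constructed for the illustration and are assumptions, not values from the page.

```python
"""Added example (not from the original page): a minimal login-attempt guard
combining three of the controls the guidance lists, namely an IP blocklist,
per-IP rate limiting and per-account lockout after repeated failures.
All thresholds and the sample attempt log are constructed for illustration."""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class LoginGuard:
    # Constructed thresholds (assumptions; tune per environment).
    max_attempts_per_ip: int = 5       # failed attempts allowed per IP in the window
    ip_window_seconds: int = 60
    max_failures_per_account: int = 3  # failures before the account locks
    lockout_seconds: int = 300
    blocklist: set = field(default_factory=set)  # known-bad source IPs
    _ip_failures: dict = field(default_factory=lambda: defaultdict(deque))
    _account_failures: dict = field(default_factory=lambda: defaultdict(int))
    _locked_until: dict = field(default_factory=dict)

    def check(self, ip: str, username: str, now: float) -> str:
        """Decide before the credential check runs. Returns 'blocked' (IP on
        the blocklist), 'locked', 'rate_limited', or 'allow'."""
        if ip in self.blocklist:
            return "blocked"
        if self._locked_until.get(username, 0) > now:
            return "locked"
        # Sliding window: drop failure timestamps older than the window.
        window = self._ip_failures[ip]
        while window and window[0] <= now - self.ip_window_seconds:
            window.popleft()
        if len(window) >= self.max_attempts_per_ip:
            return "rate_limited"
        return "allow"

    def record_failure(self, ip: str, username: str, now: float) -> None:
        """Count a failed login against both the source IP and the account."""
        self._ip_failures[ip].append(now)
        self._account_failures[username] += 1
        if self._account_failures[username] >= self.max_failures_per_account:
            self._locked_until[username] = now + self.lockout_seconds
            self._account_failures[username] = 0

    def record_success(self, username: str) -> None:
        """A successful login resets the account's failure counter."""
        self._account_failures[username] = 0


def replay(attempts, blocklist=frozenset()):
    """Run constructed (ip, username, timestamp, password_ok) attempts through
    the guard and return the guard's decision for each attempt."""
    guard = LoginGuard(blocklist=set(blocklist))
    decisions = []
    for ip, user, ts, ok in attempts:
        decision = guard.check(ip, user, ts)
        decisions.append(decision)
        if decision != "allow":
            continue  # the password is never even checked
        if ok:
            guard.record_success(user)
        else:
            guard.record_failure(ip, user, ts)
    return decisions


# Constructed sample: one IP hammering a single account, a normal user with
# one typo, and a login from an IP that is on the blocklist.
SAMPLE_ATTEMPTS = [
    ("203.0.113.9", "alice", 0, False),
    ("203.0.113.9", "alice", 1, False),
    ("203.0.113.9", "alice", 2, False),  # third failure locks alice
    ("203.0.113.9", "alice", 3, True),   # correct password, but locked
    ("198.51.100.7", "bob", 4, False),
    ("198.51.100.7", "bob", 5, True),
    ("192.0.2.1", "carol", 6, True),     # 192.0.2.1 is blocklisted
]

if __name__ == "__main__":
    for attempt, decision in zip(SAMPLE_ATTEMPTS,
                                 replay(SAMPLE_ATTEMPTS, {"192.0.2.1"})):
        print(attempt[:3], "->", decision)
```

The per-IP window catches password spraying across many accounts, while the per-account counter catches a focused attack that rotates source addresses; in production the counters would live in shared storage rather than process memory, and lockout events should be forwarded to the SIEM as the detection signal the guidance asks for.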