Security Advisory issued by MT-CSIRT
Everyone is exposed to cyberthreats every day, but there are moments when vigilance needs to be further strengthened. Due to the current situation of increased cyber-attacks on an international level, and the risk of these spilling over to other countries, the Malta Information Technology Agency, representing the Government MT-CSIRT, sees the need to constantly remind organisations and individuals of what can be done to ensure that cyber hygiene and cyber best practices are followed and, where necessary, even taken to another level, across all strata of society and industries.
Both public and private organisations, large and small, should be prepared to withstand cyber-attacks without affecting the continuity of important IT systems. MT-CSIRT has prepared several recommendations aimed at citizens and companies, which we consider necessary. These recommendations should be reviewed routinely and on an ongoing basis, so take the opportunity to review how they apply in your circumstances.
Indicators of Compromise
The following cyber hygiene recommendations are being proposed.
1. Be alert to sensational information, especially if it is encouraging immediate action. Verify information against several sources. Make sure the information is correct before resharing.
2. Watch out for any links in emails and text messages, especially those urging some action, such as changing your password, responding to suspicious account activity or paying for services.
3. Make sure you have a backup of all the files that are important to you and that such backups can be restored, if needed.
4. Review the educational content on www.cybersecurity.gov.mt.
For all staff:
1. Be more vigilant about phishing, malware, password management, fake documents, and websites. If in doubt, use an alternative channel to confirm authenticity.
2. Pay extra attention to, and report, deviating functionality and events in IT systems.
3. Do not use private equipment for work-related tasks unless it has been agreed and approved by the employer.
4. Install security updates on your phone, computer, and other devices as soon as possible.
For technical and operating personnel:
1. Ensure that multifactor authentication is used for all remote connections to the network as well as all user accounts, especially administrator and other privileged accounts.
2. Ensure that all communication with the organisation’s network and services is secured through, for example, a VPN connection.
3. Apply least privilege access and secure the most sensitive and privileged credentials.
4. Review which users have administrator privileges, so that only the IT department can install software.
5. Review all authentication activity for remote access infrastructure.
6. Increase control and vigilance around deviations at system level.
7. Ensure that legacy systems are isolated.
8. Enable logging of key functions.
9. Check results from backups, and make sure there are offline copies. Validate data that is being backed up and ensure that it corresponds to the needs of the business.
10. Block unauthorised software; only allow users to run approved applications.
11. Install security updates as soon as possible. Prioritise systems that are exposed to the internet, those that are business-critical and systems where vulnerabilities risk being exploited.
12. Report all incidents that are deemed to affect the security of the information management for which the business is responsible. If you are dealing with an ongoing IT incident and would like to share your Indicators of Compromise, MITA can be contacted at firstname.lastname@example.org. If there is a criminal suspicion, the incident should also be reported to the Cyber Crime Unit either by phone on (+356) 2294 2231 or through e-mail at email@example.com.
We encourage organisations to comply with reporting obligations under regulations such as NIS and GDPR.
For IT managers:
1. Review available resources to support and manage IT incidents. This should include both IT staff and other functions within the organisation (management team, communication, operational support, etc.).
2. Ensure that functions are practised regularly, so that all employees know what role they have if or when an IT incident occurs and how it should be handled in the short and long term.
3. Ensure that all employees know the routines and policies that apply to work, both in the office and remotely.