The National Cyber Directorate has received several reports of serious cyber incidents in which attackers gained access to organizational networks and wiped servers and endpoints in order to disrupt the operations of the attacked organizations.
The investigations conducted so far indicate that in many cases the initial access to the network was obtained with legitimate credentials of users in the organization. Such credentials may have been exposed in earlier attacks, in data leaks, or through the sale of access details on the dark web, and sometimes as a result of attacks that were not detected at the time.
Even when technical vulnerabilities in equipment or systems have already been addressed through security updates, attackers may retain access to the organizational network if user passwords have not been changed, or if accounts created during the attack remain in the system.
In light of the incidents, it is recommended that organizations take immediate steps to reduce the risk:
• Mandate a password change for all users of remote access systems such as VPN, ZTNA, or remote management solutions.
• Verify that there are no unrecognized users in the systems, especially those with administrator privileges.
• Enable strong two-factor authentication for all users, especially for administrators.
• Ensure that remote access systems and equipment are updated to the latest security versions.
Implementing these steps can significantly reduce the risk that previously exposed credentials will be exploited and prevent damage to the organization’s operations.
If you suspect unusual activity or a cyber incident, you can contact the 119 hotline for professional assistance.
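The first three steps above amount to an account audit: compare the accounts that exist against a known-good list, flag unrecognized ones (especially administrators), confirm every password was reset after the mandated date, and list accounts still lacking MFA. The following script is an added illustration, not part of this advisory; the account records, the baseline, and the dates are constructed sample data in a hypothetical export format, and in practice they would come from the organization's directory or remote-access system.

```python
from datetime import datetime, timezone

# Constructed sample of exported accounts (hypothetical format, not any product's real export).
ACCOUNTS = [
    {"user": "alice", "created": "2023-01-10T09:00:00Z", "pwd_last_set": "2024-06-02T08:00:00Z", "admin": True, "mfa": True},
    {"user": "bob", "created": "2022-05-03T09:00:00Z", "pwd_last_set": "2024-02-11T08:00:00Z", "admin": False, "mfa": False},
    {"user": "svc_backup2", "created": "2024-05-20T02:13:00Z", "pwd_last_set": "2024-05-20T02:13:00Z", "admin": True, "mfa": False},
    {"user": "carol", "created": "2021-09-14T09:00:00Z", "pwd_last_set": "2024-06-03T10:00:00Z", "admin": False, "mfa": True},
]
# Known-good baseline of accounts that are supposed to exist (constructed).
BASELINE = {"alice", "bob", "carol"}
# Constructed dates: when the forced password reset was mandated, and the earliest
# point at which the attacker may have been active (accounts created after it are suspect).
RESET_DEADLINE = datetime(2024, 6, 1, tzinfo=timezone.utc)
INCIDENT_START = datetime(2024, 5, 1, tzinfo=timezone.utc)


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(accounts, baseline, reset_deadline, incident_start):
    """Return lists of user names per check; every non-empty list needs follow-up."""
    findings = {"unrecognized": [], "unrecognized_admin": [], "created_since_incident": [],
                "stale_password": [], "no_mfa": [], "no_mfa_admin": []}
    for a in accounts:
        if a["user"] not in baseline:            # account nobody can vouch for
            findings["unrecognized"].append(a["user"])
            if a["admin"]:
                findings["unrecognized_admin"].append(a["user"])
        if parse_ts(a["created"]) >= incident_start:  # possibly created by the attacker
            findings["created_since_incident"].append(a["user"])
        if parse_ts(a["pwd_last_set"]) < reset_deadline:  # reset not yet done
            findings["stale_password"].append(a["user"])
        if not a["mfa"]:
            findings["no_mfa"].append(a["user"])
            if a["admin"]:
                findings["no_mfa_admin"].append(a["user"])
    return findings


def run_audit():
    """Run the audit over the constructed sample with the constructed dates."""
    return audit(ACCOUNTS, BASELINE, RESET_DEADLINE, INCIDENT_START)


if __name__ == "__main__":
    for check, users in run_audit().items():
        print(f"{check:24s} {', '.join(users) or '-'}")
```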