Lessons from cyberattacks must be learned, and the best defense is preventive measures. This was stated by the Government Computer Emergency Response Team CERT-UA, reports UNN.
Details
According to experts, hackers often return to already hacked networks. Therefore, CERT-UA called on users to take into account the most common mistakes that cause repeated hacking of previously attacked networks. Typical mistakes made by institutions and organizations:
- lack of practice in studying and implementing experience (lessons learned);
- not all recommendations were implemented after the attack investigation;• not all systems were checked;
- open vulnerabilities after recovery.
Simply recovering from backups after a hack and continuing to work without analyzing the attack itself and eliminating its causes is dangerous, experts emphasized. Hackers return through the same vulnerabilities.
Even one unclosed "hole" can become an entry point for the enemy. It is necessary to first investigate how the hack occurred and identify vulnerable systems. Then, the identified shortcomings should be eliminated and additional security measures implemented, backups should be checked for compromise and data should be safely restored.
Attackers can leave backdoors on other devices. Even if they were not used during the attack, these gaps remain open, giving hackers the opportunity to return and gain access in the future.
The following actions will help to avoid repeated hacking:
- after the attack, do not rush to restore the system - first analyze the situation;
- close all found vulnerabilities, not just the most obvious ones;
- check not only the main servers, but also all devices on the network;
- carefully check backups before restoring from them.
Let us remind you
The account of the Prime Minister of the Czech Republic, Petr Fiala, was hacked on the social network X, spreading fakes about the attack of the Russians. The police are investigating the incident and выясняют, how the attackers bypassed the protection.