Threat Watch

Update to Crippling Cyberattack on Brazilian Courts

In an update originally reported by ZDNet, the Brazilian Superior Electoral Court (STJ) has managed to resume operations after a cyberattack took down their systems for more than two weeks. The attack, which started on November 3rd, required all STJ systems to be taken offline  for about 26 hours, during which the federal police gathered evidence. From there, the courts were forced to operate with limited functionality until November 20th, while a team of over 50 IT professionals rebuilt the network. During that time, court cases had to be postponed.  As a result of lessons learned during this incident, cybersecurity preparations will be focused on more heavily at the STJ.

ANALYST NOTES

This incident was caused by ransomware, which has become one of the most prolific and damaging threats to computer systems for public and private sector organizations alike. Binary Defense recommends following the 3-2-1 backup rule for backup management to ensure at least three copies of backups are maintained on two different storage types with one of them not connected to the network, so that attackers won’t be able to destroy data backups as part of the attack. Patching servers and protecting access to any remote connectivity solution such as VPN with Multi-Factor Authentication is another important step. For those attacks that make it past the outer layers of security controls, it is critical to have skilled security analysts working in a 24/7 Security Operations Center (SOC) staffed internally or using a managed security service, such as Binary Defense’s own Security Operations Task Force.

https://www.zdnet.com/article/brazilian-government-recovers-from-worst-ever-cyberattack/