Proactive Measures Against the Latest Spear-Phishing Threat: How Platinum Systems Protects Our PtMT Clients
In a recent alert, the Cybersecurity and Infrastructure Security Agency (CISA) shared details of a major spear-phishing campaign targeting organizations across various sectors, including government and IT. This campaign, conducted by a foreign threat actor, utilizes spear-phishing emails with malicious Remote Desktop Protocol (RDP) files. Once clicked, these files can give attackers unauthorized access to networks, potentially allowing them to install malicious code and establish a foothold within the target’s systems.
At Platinum Systems, we remain vigilant against these ever-evolving cyber threats. Our Platinum Managed Technology (PtMT) clients benefit from our immediate, proactive response to protect their operations, data, and people. We took action immediately upon learning of this issue, implementing critical security measures across our PtMT clients to mitigate potential risks from this spear-phishing campaign.
Steps We’ve Taken to Protect Our Clients
1. Blocking Malicious RDP Files
One of our first measures was to block the transmission of RDP files within email communication channels for all our Managed clients using Proofpoint and Mimecast. This action helps prevent the accidental execution of these malicious files, cutting off a primary avenue of attack for this spear-phishing campaign.
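The attachment control described above can be expressed as a short check, shown here as an added example that is not Platinum Systems' configuration or a Proofpoint or Mimecast rule. It flags RDP files in a raw message by extension, declared MIME type, or content, including inside ZIP attachments. The MIME types, setting-key markers, function names and sample messages are assumptions made for this illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed indicators: MIME types and setting keys commonly seen in .rdp files.
RDP_MIME_TYPES = {"application/x-rdp", "application/rdp"}
RDP_MARKERS = ("full address:s:", "screen mode id:i:", "redirectclipboard:i:")

def looks_like_rdp(name: str, ctype: str, head: bytes) -> bool:
    """Match on extension, declared MIME type, or .rdp setting keys in the content."""
    if name.lower().rstrip(". ").endswith(".rdp") or ctype in RDP_MIME_TYPES:
        return True
    # .rdp files are often saved as UTF-16 with a BOM, so decode before matching.
    enc = "utf-16" if head[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    text = head.decode(enc, "ignore").lower()
    return any(marker in text for marker in RDP_MARKERS)

def find_rdp_attachments(raw: bytes) -> list[str]:
    """Return the names of MIME parts (or ZIP members) that look like RDP files."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename() or "(unnamed part)"
        data = part.get_payload(decode=True) or b""  # multipart containers yield b""
        if looks_like_rdp(name, part.get_content_type(), data[:4096]):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    try:  # read only the head, which bounds work on huge members
                        with zf.open(info) as member:
                            head = member.read(4096)
                    except (RuntimeError, zipfile.BadZipFile):
                        head = b""  # encrypted or corrupt: fall back to the name
                    if looks_like_rdp(info.filename, "", head):
                        hits.append(f"{name}!{info.filename}")
    return hits

def build_sample(filename: str, payload: bytes, zipped: bool = False) -> bytes:
    """Constructed test message; names and contents are made up for this example."""
    if zipped:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(filename, payload)
        filename, payload = "docs.zip", buf.getvalue()
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()
```

Matching on content as well as on the file name matters because a filter keyed only to the `.rdp` extension misses a renamed or archived file.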
2. Evaluating Outbound RDP Connections
While blocking outbound RDP connections is a best practice CISA recommends, we understand that some clients have legitimate use cases for RDP. Therefore, we’re carefully evaluating and implementing restrictions on outbound RDP connections as appropriate for each client’s unique needs. By taking this measured approach, we minimize disruptions while ensuring that our clients are as secure as possible.
3. Implementing Advanced Security Recommendations
Beyond these immediate actions, we consistently align our security practices with industry standards and recommendations from cybersecurity authorities. Many of the steps that CISA urges organizations to adopt are already part of our PtMT service:
• Multi-Factor Authentication (MFA): We encourage and support MFA implementation across client networks to prevent unauthorized access. Whenever possible, we recommend phishing-resistant methods, such as FIDO tokens, to offer robust protection against sophisticated attacks.
• Endpoint Detection and Response (EDR): Our PtMT Pro clients benefit from advanced EDR solutions that continuously monitor for suspicious activity within the network, helping us detect and respond to threats promptly.
• User Education Programs: Our Managed Security Awareness Training program empowers client employees to recognize phishing and social engineering tactics, reducing the likelihood of successful attacks. Educated users are a vital line of defense in today’s cybersecurity landscape.
4. Continuous Monitoring and Threat-Hunting
Our cybersecurity team actively searches for indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) reported in industry alerts, including those related to this recent spear-phishing threat. This enables us to detect and neutralize any emerging threats before they impact our clients’ networks.
Why PtMT Clients Can Feel Secure
Cyber threats are a reality of today’s digital landscape, but our PtMT clients can rest assured knowing they have a trusted partner in Platinum Systems. With advanced cybersecurity tools, continuous monitoring, and a proactive security strategy, we protect our clients from a wide array of cyber threats, enabling them to focus on their core business activities with peace of mind.
At Platinum Systems, we know that cybersecurity is more than just technology—it’s about building trusted partnerships, enhancing operational resilience, and staying one step ahead of emerging threats. This latest spear-phishing campaign is a reminder of the importance of having a reliable cybersecurity partner. Our commitment to protecting our clients’ success remains steadfast, as we continue to monitor, respond to, and mitigate threats as they arise.
If you’re not yet a PtMT client, reach out to us today to learn more about how our proactive approach can safeguard your business. Protecting Your Business, Enhancing Your Success isn’t just our tagline—it’s our mission.