The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS) recently issued a joint advisory on the RansomHub ransomware. RansomHub is a ransomware-as-a-service variant, previously known as Cyclops and Knight. Since February 2024, it has encrypted and exfiltrated data from over 210 victims spanning multiple industries.
Although the advisory was issued by U.S. government organizations, RansomHub poses a global threat. According to security vendor ZeroFox, RansomHub attacks have impacted organizations worldwide, with 39% occurring in North America, 34% in Europe, 10% each in the APAC region and South America, and 5% in Australia/New Zealand.
The FBI has provided three essential recommendations to help mitigate cyber threats from ransomware:
Install updates for operating systems, software, and firmware as soon as they are released.
Require phishing-resistant MFA (i.e., non-SMS text based) for as many services as possible.
Train users to recognize and report phishing attempts.
With Tines, you can automate these three key recommendations. Let’s dive into an example story for each recommendation.
1. Streamline macOS software updates with self-service patch management
Our macOS Patch Management automation streamlines the entire lifecycle of managing software updates for macOS operating systems. It includes a self-service implementation of opting in and out of the patch management pilot group via Tines pages and a ring 0/ring 1 approach to distributing macOS operating system updates. Updates are initially pushed to the pilot group for testing, and after a week, they are rolled out to the production group. This automation neatly balances user empowerment, system security and stability, and overall reduction of our company's attack surface.
Community author: Tyler Talaga at MyFitnessPal
This story, crafted by Tyler Talaga from MyFitnessPal, helps organizations streamline the complete lifecycle of managing macOS software updates. It features a self-service model allowing users to opt in or out of the patch management pilot group via Tines pages, along with a tiered approach for distributing macOS updates. Initially, updates are deployed to the pilot group for testing and, after one week, are automatically rolled out to the production environment.
Security teams can use Tines to create workflows that ensure all users have the latest updates and required security software installed.
2. Disable new MFA devices in Okta
Query all Okta users and disable any new MFA devices if multiple are associated with an account.
Requiring phishing-resistant MFA through a provider such as Okta is highly recommended. In the event of a breach, attackers might try to add a new MFA device to a user's account. This story monitors for multiple MFA devices associated with a user. If it detects more than one, it deactivates the most recent device and notifies the user via email about the change.
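The selection logic this story describes, written out as an added example; it is not the Tines story or Okta's own code. It assumes factor records shaped like Okta's list-factors response, counts only `ACTIVE` factors as associated devices, and runs on constructed sample data instead of calling any API.

```python
from datetime import datetime

# Constructed sample, shaped like the factor objects Okta returns from
# GET /api/v1/users/{userId}/factors. All ids and timestamps are made up.
SAMPLE_FACTORS = {
    "user-alice": [
        {"id": "f-001", "factorType": "webauthn", "status": "ACTIVE",
         "created": "2023-03-01T09:00:00.000Z"},
        {"id": "f-002", "factorType": "push", "status": "ACTIVE",
         "created": "2024-08-30T02:14:00.000Z"},
    ],
    "user-bob": [  # one active factor plus an unfinished enrollment
        {"id": "f-010", "factorType": "push", "status": "ACTIVE",
         "created": "2022-11-12T15:30:00.000Z"},
        {"id": "f-011", "factorType": "token:software:totp",
         "status": "PENDING_ACTIVATION", "created": "2024-09-01T08:00:00.000Z"},
    ],
    "user-carol": [
        {"id": "f-020", "factorType": "push", "status": "ACTIVE",
         "created": "2021-05-05T10:00:00.000Z"},
    ],
}


def created_at(factor):
    """Parse Okta's ISO 8601 'created' timestamp into an aware datetime."""
    return datetime.fromisoformat(factor["created"].replace("Z", "+00:00"))


def plan_deactivations(factors_by_user):
    """For each user with more than one ACTIVE factor, pick the newest one."""
    plan = []
    for user_id, factors in sorted(factors_by_user.items()):
        # Assumption: only ACTIVE factors count as "associated" devices.
        active = [f for f in factors if f.get("status") == "ACTIVE"]
        if len(active) < 2:
            continue
        newest = max(active, key=created_at)
        plan.append({"user": user_id, "factor": newest["id"],
                     "type": newest["factorType"], "created": newest["created"],
                     "remaining": len(active) - 1})
    return plan


if __name__ == "__main__":
    for item in plan_deactivations(SAMPLE_FACTORS):
        # A real workflow would unenroll the factor and email the user here.
        print(f"{item['user']}: deactivate {item['type']} factor {item['factor']} "
              f"(enrolled {item['created']}), {item['remaining']} factor(s) kept")
```

A user who legitimately enrolled a backup device appears in this plan too, so the email notification is what lets them re-enroll or report an enrollment they did not make.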
3. Send KnowBe4 training reminders via Slack
Your team serves as the first line of defense against attacks, making it crucial to train employees to recognize and report phishing attempts. Implementing a security awareness training solution, such as KnowBe4, can effectively educate employees on identifying and reporting phishing attempts.
After assigning security awareness training, it's essential to send reminders to ensure all employees complete it. This story sends KnowBe4 training reminders via Slack, either as a supplement to or as an alternative to the default email notifications.
Automate your security processes
These three stories are just a glimpse of how Tines can automate your security processes. Tines integrates with any tool that has an API, allowing you to establish connections between systems in minutes and deploy valuable workflows within hours. Additionally, our library offers over 800 pre-built workflows to get you started quickly.
Explore how Tines can help you orchestrate and automate across your security work.