May 16, 2023
Computers are designed to be networked so they can talk to each other and share data unhindered. This is ideal for usability but comes at a cost: once a single device is compromised, a threat actor can move to others and compromise them as well. BianLian, like many malware families, uses a common operating system utility for this lateral movement rather than bringing its own tooling, so the activity blends in with legitimate administration. The strongest mitigation is to move from conventional servers and workstations to "secure by design" devices such as containers, Chromebooks or iPads, which rely on application sandboxing and a locked-down OS image to limit what a compromised application can reach on the device and, from there, on the network. If this is not feasible, evaluate which remote-access and remote-execution utilities are genuinely required for day-to-day IT operations and remove or disable the others. Utilities you should be looking for include RDP, PuTTY, WinRM and PsExec (Windows) and SSH (Linux/macOS). Note that RDP and WinRM are operating-system features rather than standalone binaries, so "removing" them means disabling the service and blocking the matching firewall rule, and that PsExec leaves a trace on hosts it has been run against (a PSEXESVC service), which is worth checking for as well.
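The inventory step above, as an added example that is not part of the original advisory: a PowerShell audit of one Windows host for the utilities named in the paragraph (RDP, WinRM, PuTTY, PsExec and the optional OpenSSH server). It reports what is present or enabled and, only when the operator flips `$Remediate` to `$true`, disables RDP and WinRM; the search roots, the `C:\Tools` path and the `$Remediate` switch are assumptions for illustration, not from the page.

```powershell
# Added example (not from the original advisory). Run in an elevated PowerShell session.
# Inventories lateral-movement utilities on this host; set $Remediate = $true to disable
# RDP and WinRM. Binary removal is reported, not performed, so an operator can review it.
# The search roots and 'C:\Tools' below are assumptions; adjust for your estate.

$Remediate = $false
$findings  = @()

# 1. RDP: fDenyTSConnections = 0 means inbound Remote Desktop is allowed.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($ts -and $ts.fDenyTSConnections -eq 0) {
    $findings += 'RDP: inbound Remote Desktop connections are enabled'
    if ($Remediate) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    }
}

# 2. WinRM: a running service means PowerShell remoting / WinRS can reach this host.
$winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue
if ($winrm -and $winrm.Status -eq 'Running') {
    $findings += 'WinRM: service is running'
    if ($Remediate) {
        Stop-Service -Name WinRM
        Set-Service  -Name WinRM -StartupType Disabled
    }
}

# 3. PsExec / PuTTY (and its command-line sibling plink) binaries on disk.
$searchRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}",
                 "$env:SystemRoot", "$env:USERPROFILE\Downloads", 'C:\Tools')
$patterns = @('psexec*.exe', 'putty*.exe', 'plink*.exe')
foreach ($root in ($searchRoots | Where-Object { $_ -and (Test-Path $_) })) {
    foreach ($pattern in $patterns) {
        Get-ChildItem -Path $root -Filter $pattern -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object { $findings += "Binary present: $($_.FullName)" }
    }
}

# 4. PsExec installs a PSEXESVC service on the target; its presence means PsExec
#    has been run against this host, even if the binary itself lives elsewhere.
if (Get-Service -Name PSEXESVC -ErrorAction SilentlyContinue) {
    $findings += 'PsExec: PSEXESVC service exists (PsExec has been used against this host)'
}

# 5. OpenSSH Server is an optional Windows capability on Windows 10/11 and Server 2019+.
$ssh = Get-WindowsCapability -Online -Name 'OpenSSH.Server*' -ErrorAction SilentlyContinue
if ($ssh -and ($ssh | Where-Object { $_.State -eq 'Installed' })) {
    $findings += 'SSH: OpenSSH Server capability is installed'
}

if ($findings.Count -eq 0) { 'No lateral-movement utilities found on this host' }
else { $findings }
```

The script deliberately separates inventory from remediation: disabling RDP or WinRM on a host that IT relies on for administration is itself an outage, so the findings list is meant to feed the "which utilities are required" evaluation before anything is switched off. On Linux and macOS the equivalent check is whether the `sshd` service is enabled and listening, which falls outside this Windows-only example.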