If you're reading this, you might suspect illegal access or that your login credentials have been compromised — or you may have already experienced unauthorized access to your account. Cyber security incidents can be unsettling, but please know, with the right steps, you can swiftly reclaim and fortify your account's security.
Our recommendations
- Reset your password: Immediately change your Atera account password. Use a strong, unique password that is not used for any other accounts. It is recommended to check the newly suggested password using: https://passwords-generator.org/#google_vignette and also check old passwords at https://haveibeenpwned.com/Passwords
- Enable multi-factor authentication (MFA): If not already in use, activate MFA for your Atera account. This additional security verification step is a crucial line in the defense of your account from unwanted access, acting as a second line of defense even if your password is compromised again.
- Review account activity: All actions performed by the technician can be viewed under the Audit Log section, in which you can export. The audit log provides a system-level view of activities performed by technicians within your Atera account.
- Limit access via IP restrictions: For an added layer of security, we recommend checking the Access List option, under Restrict IP Permissions, where you can specify which IPs are allowed platform access. For more info, see Two-factor authentication (2FA)
- Use a dedicated password manager: Consider using an enterprise-focused solution for managing your critical account credentials. This ensures enhanced security and control over your passwords and MFA.
- Enable endpoint security: Ensure to deploy an Endpoint Detection & Response or and Endpoint security solution / Anti-Virus to all your technicians account as a bare minimum for all the devices that are accessing the Atera platform. You can consider the Atera Marketplace for recommended Atera compliant security solutions.
Common cyber-attack related to stolen conditionals and defense strategies
There are several ways threat actors and hackers can attempt to steal multi-factor authentication (MFA) credentials or bypass MFA security measures. Implementing the following defense strategies will significantly reduce the risk of successful attacks, even in the face of sophisticated threats.
-
Phishing: Attackers may create fake websites or emails that mimic legitimate ones, tricking users into entering their MFA credentials.
-
Defense strategies:
- User education: Regularly train users on how to recognize phishing attempts. Highlight the importance of not clicking on links or downloading attachments from unverified sources.
- Use anti-phishing tools: Implement email filtering and web protection tools that help detect and block phishing attempts.
-
Defense strategies:
-
Man-in-the-Middle (MitM) attacks: Hackers may intercept communication between a user and a legitimate service, capturing MFA codes in transit.
-
Defense strategies:
- Encrypted connections: Use HTTPS for all web transactions to encrypt data in transit, making it difficult for attackers to intercept MFA codes.
- VPN usage: Encourage the use of VPNs, especially on public Wi-Fi networks, to secure data transmissions.
-
Defense strategies:
-
Social engineering: Attackers may use social engineering techniques to manipulate users into providing MFA codes.
-
Defense strategies:
- Security awareness training: Conduct regular sessions highlighting social engineering tactics and how to resist manipulation techniques.
- Strict verification processes: Establish strict verification processes for any request involving sensitive information or access.
- Limit information sharing: Teach users to limit the amount of personal and company information shared online to reduce the risk of targeted social engineering attacks.
-
Defense strategies:
-
Malware: Attackers may use malware to capture MFA codes from a victim's device or to compromise the MFA application itself.
-
Defense strategies:
- Endpoint protection: Use reputable antivirus and anti-malware solutions on all devices, updating them regularly.
- MFA application protection: Ensure MFA applications themselves are secure and regularly updated.
- Regular scans: Conduct regular scans on devices for any malware presence and have protocols in place for immediate isolation and remediation of infected devices.
-
Defense strategies:
-
Weak MFA implementation: Poorly implemented MFA systems may have vulnerabilities that attackers can exploit.
-
Defense strategies:
- Use a secure password manager: Encourage users to store their recovery codes in a secure, encrypted password manager rather than in plaintext files, notes on mobile devices, or, worse, sticky notes.
- Periodic MFA audit: Regularly audit your MFA settings and policies to ensure they remain effective against new threats and align with best practices. This includes reviewing which accounts have MFA enabled, the types of MFA used, and how recovery codes are managed and stored.
-
Defense strategies:
-
Credential stuffing: Attackers may use previously stolen credentials to try and access accounts protected by MFA.
-
Defense strategies:
- Implement account lockout mechanisms: After a certain number of failed attempts, lock the account temporarily to prevent unlimited guessing attacks.
- Use CAPTCHA challenges: Deploy CAPTCHA challenges to distinguish humans from automated login attempts.
- Monitor and alert: Set up monitoring for an unusual login attempt and alert users to attempted or successful unauthorized access attempts.
-
Defense strategies:
-
SIM swapping: Attackers may convince a mobile carrier to transfer a victim's phone number to a new SIM card, allowing them to receive MFA codes.
-
Defense strategies:
- Carrier account protection: Advise users to set up additional security measures for their mobile carrier account, such as a PIN or a passcode.
- Educate about risks and responses: Inform users about the potential risk of SIM swapping and the importance of immediately contacting their carrier if they suspect a swap has occurred.
-
Defense strategies:
-
Insider threats: A malicious insider may bypass MFA controls if they have access to an account or system.
-
Defense strategies:
- Least privilege principle: Ensure users have the minimum level of access required to perform their duties, reducing the potential impact of malicious insiders.
- Monitor user activities: Implement solutions to monitor for unusual or unauthorized activities within your network.
- Segregation of duties: Divide responsibilities among different individuals to reduce the risk of malicious activity without detection.
-
Defense strategies:
Recovering from a security incident involves immediate and long-term steps to restore and enhance the security of your Atera account. By following these guidelines and collaborating with our support team, you can rebuild a more secure platform for your IT management needs.