Recent VPN attacks prompt immediate patching federal mandate
State and federal agencies have reported targeted infrastructure attacks, most recently for the Pulse Secure telework VPN that is used by state government. The Massachusetts Executive Office of Technology Services and Security Cyber News and Events describes the attacks and the current federal mandate to review and patch the software. You can sign up for these alerts here.
Since some patches for the Pulse VPN may not be available until early May, users should continue to be vigilant by validating incoming emails before opening attachments or links to protect against ransomware. If you experience any unusual activity, such as inability to access applications and VPN, or unstable or extremely slow internet, consult with your IT staff.
In addition to your normal incident response protocols, please contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks or if you need assistance with internal controls.