Medusa Ransomware Threat: FBI Warns of Critical Vulnerabilities

The US Postal Service has been warned by the Federal Bureau of Investigation (FBI) about potential ransomware threats delivered via the USPS. The FBI has also issued a joint alert with the Cybersecurity and Infrastructure Security Agency (CISA) to address the Medusa ransomware gang, which has impacted at least 300 critical infrastructure victims since June 2021.

Medusa is known for using social engineering and unpatched software vulnerabilities during attacks. To mitigate this threat, the FBI recommends enabling two-factor authentication (2FA) for webmail services like Gmail and Outlook, as well as for VPNs. Organizations should adopt these security measures immediately to prevent further attacks.

Key mitigation steps include:

* Enabling 2FA for all possible services
* Using long passwords and requiring password changes less frequently
* Storing sensitive data in a secure location
* Keeping operating systems and software up to date
* Monitoring network traffic and investigating suspicious activity

Despite the FBI’s warnings, some experts are skeptical about the effectiveness of these measures. Roger Grimes, a data-driven defense evangelist, notes that social engineering is often involved in successful hacking attacks, yet the warning does not include security awareness training as a primary solution.

“The hackers must be laughing,” Grimes said, highlighting the need for a more comprehensive approach to defending against such threats.

Source: https://www.forbes.com/sites/daveywinder/2025/03/13/fbi-warning-enable-2fa-for-gmail-outlook-and-vpns-now