Though the feds don’t cite any specific threat, a joint advisory from CISA, the FBI and the NSA offers advice on how to detect and mitigate cyberattacks sponsored by Russia.
Cyberattacks sponsored by hostile nation-states are always a major concern for governments and organizations. Using advanced and sophisticated tactics, these types of attacks can inflict serious and widespread damage, as we’ve already seen in such incidents as the SolarWinds exploit. As such, organizations need to be vigilant for such attacks and make sure they have the means to prevent or combat them.
In an advisory issued on Tuesday, the U.S. government provides advice on how to do that.
Authored by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA, the joint advisory doesn’t point to a specific threat but does advise organizations to adopt a “heightened state of awareness” about Russia-sponsored cyberattacks. The warning comes at a time when tension between the Kremlin and NATO is high over fears that Russia is planning a new invasion of Ukraine.
“The advisory doesn’t mention the current Russian-Ukraine tensions, but if the conflict escalates, you can expect Russian cyber threats to increase their operations,” said Rick Holland, the chief information security officer at Digital Shadows. “Cyberspace has become a key component of geopolitics. Russian APT groups aren’t at the top of the threat model for all companies, unlike the critical infrastructure providers mentioned in the alert, but could end up being collateral damage.”
On a general level, the advisory provides three pieces of advice to ensure that your organization is ready to defend itself against these state-sponsored attacks.
The advisory also describes some of the specific vulnerabilities that Russian-sponsored hackers have targeted or exploited in the past to gain initial access into an organization:
Further, organizations should be aware of some of the tactics and targets used in Russian state-sponsored attacks. In many cases, these hackers will target third-party infrastructure and software as a way of impacting an entire supply chain, as seen in the SolarWinds attack. In other cases, they’ll go after operational technology (OT) and industrial control systems (ICS) networks by installing malware. These attackers also often use legitimate and stolen account credentials to infiltrate a network or cloud environment, where they remain undetected as they plot their malicious campaigns.
The advisory also offers more specific tips for organizations on protection, detection and response to a cyberattack or other security incident.
“Russia has very advanced cyber warfare skills which keep them hidden once a network is compromised, although ironically, the initial attack vectors are typically those of low-tech email phishing campaigns, taking advantage of people reusing already compromised passwords or using easily guessed passwords,” said Erich Kron, security awareness advocate at KnowBe4.
“To strengthen organizations against these attacks, it is critical that they have a comprehensive security awareness program in place to help users spot and report suspected phishing attacks and to educate them on good password hygiene,” Kron added. “In addition, technical controls such as multi-factor authentication and monitoring against potential brute force attacks can play a critical role in avoiding the initial network intrusion.”
This post was last modified on 13 January 2022 4:54 PM