Published March 23, 2022
Prepared by Deepwatch Threat Intel Team
- President Joe Biden’s administration released a statement, reiterating previous warnings, saying that “evolving intelligence” suggests that the Russian Government is exploring options to conduct cyber attacks against US private sector and critical infrastructure owners.
- The President’s statement goes on to say “private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors.” The statement further provides best practices the administration has developed over the last year.
- Deepwatch Threat Intel Team encourages all customers to implement the guidance and recommendations offered by President Biden’s administration and CISA’s Shields Up campaign.
President Biden’s administration released a statement, reiterating previous warnings of “evolving intelligence” that suggests the Russian Government is exploring options to conduct cyber attacks against the US in response to the “unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.”
The President’s statement goes on to say that “private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has been actively working with organizations across critical infrastructure to rapidly share information and mitigation guidance to help protect their systems and networks.”
The statement further provides best practices the administration has developed over the last year.
The following is an excerpt of the guidance provided in the accompanying “Fact Sheet”:
- Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
- Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
- Back up your data and ensure you have offline backups beyond the reach of malicious actors;
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
- Encrypt your data so it cannot be used if it is stolen;
- Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.
As part of their recommendations, the administration urges private sector and critical infrastructure owners to follow the guidance presented by CISA in their recent Shields Up campaign.
The following is an excerpt of the guidance recommended by CISA’s Shields Up campaign:
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
Deepwatch Threat Intelligence Outlook
Deepwatch Threat Intel Team encourages all customers to implement the guidance and recommendations offered by President Biden’s administration and CISA’s Shields Up campaign. As Russia potentially explores options to conduct cyber attacks against the US in retaliation for the sanctions the US imposed on it, it is imperative that customers take the necessary steps now to proactively protect and reduce their external-facing risks while focusing on detecting and possibly responding to any cyber attacks. Additionally, we recommend conducting tabletop exercises to identify gaps in your organization’s procedures for handling a large-scale cyber incident. These exercises should include ransomware, system wiping, and DDoS scenarios to help prepare for any such attacks.
Author: Eric Ford