CISA Issues “Shields Up” Warning About Russian Cyber Attacks | #malware | #ransomware | #education | #technology | #infosec



The U.S. Cybersecurity & Infrastructure Security Agency, which is part of the U.S. Department of Homeland Security has issued an unusual warning to business that says they should be prepared to defend against cyber attacks originating from Russia. “Every organization—large and small—must be prepared to respond to disruptive cyber activity,” the agency says in its warning.

“In the wake of continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, we are working very closely with our Joint Cyber Defense Collaborative (JCDC) and international computer emergency readiness team (CERT) partners to understand and rapidly share information on these ongoing malicious cyber activities,” the CISA statement says.

The guidance includes reducing the likelihood of damage, taking steps to detect an attack, making sure your organization is prepared to respond, and maximizing resilience, which includes testing backup procedures and making sure manual controls are available.

But like everything else involving security, there’s a lot in the details.

Russian Attacks

“Businesses should be on the lookout for potential ransomware attacks stemming from the conflict between Russia and Ukraine,” said Therese Schachner, cybersecurity consultant at VPNBrains. “In the past, adversaries have used ransomware attacks for the purposes of extortion, exfiltration of sensitive data, and the impeding of essential business and supply chain operations, often with the intent of causing political or economic damage.”

At the beginning of the Russian invasion of Ukraine, Russian cyber attacks focused on the government of Ukraine, as well as critical infrastructure and businesses in that nation. However, as support for Ukraine grows internationally, so is the likelihood that Russian cyber attacks will spread to government and business networks in the US and in other NATO countries.

“There are several steps businesses can take to defend themselves against these potential cyberattacks,” Schachner said. “Businesses can look out for updates about the latest threats and cyberattacks from trusted sources such as government agencies. If businesses are well-informed about the latest occurrences in the cybersecurity space, they will be better equipped to detect, prevent, and mitigate cyberattacks.”

In addition, “businesses can adopt cybersecurity best practices such as updating their software, using multi-factor authentication, and backing up their data,” Schachner explained. “They can also educate their employees about business-wide cyber defense plans and cybersecurity best practices so that employees are adequately informed about how to best protect business computer systems.”

Free Assistance from CISA

CISA’s statement includes a suggestion that businesses sign up for the agency’s free Cyber Hygiene Services which includes vulnerability and application scanning and remote penetration testing. CISA will also help you determine how prepared your staff is to recognize phishing attacks and their level of security awareness.

During this time of heightened risk, CISA suggests lowering reporting thresholds and empowering the CISO by including them in the decision-making process when it comes to weighing risk versus cost.

Finally, businesses need to prepare for the worst. Assume that your company will be attacked, and that the attack will be at least partly successful. This means planning for a worst-case scenario. “Senior management should ensure that exigent measures can be taken to protect your organization’s most critical assets in case of an intrusion, including disconnecting high-impact parts of the network if necessary,” CISA warns.

For all businesses, this means that you must ensure that your cloud provider has all protective services enabled, even if it costs you more. Smaller organizations that don’t need a constant internet connection should consider disconnecting entirely when it’s not necessary, such as on nights and weekends if the office is closed.

The critical move is to assume that your business will be attacked and to prepare accordingly.



Source link