A Cybersecurity Advisory (CSA) issued on Tuesday, January 11, titled “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure” and written jointly by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), warns of current Russian state-sponsored cyberthreats, reviews the tactics advanced persistent threat (APT) actors have historically used to gain access, and advises on how to detect, respond to and mitigate damage from these attacks.
The advisory does not cite a specific recent or current attack as its trigger. “CISA puts out alerts based on threat information, though they don’t always explain exactly what threat information prompted the alert,” says Tim Erlin, vice president of strategy at Tripwire.
“This CISA alert is clearly prompted by the diplomatic talks between Biden and Putin. Leveraging cyber operations is a textbook Russian strategy during geopolitical negotiations,” says Josh Lospinoso, CEO and co-founder of Shift5. “CISA Director Jen Easterly intimately understands the tactics, techniques and procedures (TTPs) of nation-state actors – she has been at the front lines of fighting Russian adversaries in cyberspace throughout her career, especially as part of NSA’s Tailored Access Operations – and that is informing this CISA alert.”
“Targeting critical infrastructure is nothing new; however, the increased attacks are certainly something to be concerned with, especially given the tensions between the U.S. and Russia over the Ukraine border crisis,” says Erich Kron, security awareness advocate at KnowBe4. “Russia has very advanced cyber warfare skills which keep them hidden once a network is compromised, although ironically, the initial attack vectors are typically those of low-tech email phishing campaigns, taking advantage of people reusing already compromised passwords or using easily guessed passwords.
“To strengthen organizations against these attacks, it is critical that they have a comprehensive security awareness program in place to help users spot and report suspected phishing attacks and to educate them on good password hygiene. In addition, technical controls such as multi-factor authentication and monitoring against potential brute force attacks can play a critical role in avoiding the initial network intrusion,” Kron says.
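The “monitoring against potential brute force attacks” control Kron mentions is a detection problem: the same source address failing against many accounts (password spraying, which evades per-account lockouts) or failing many times against one account (classic brute force), and the case defenders most want to catch, a success from a source that had already been failing for that account. The script below is an added example written for this article, not code from CISA, KnowBe4 or the advisory. It assumes Linux sshd lines in auth.log format, and the thresholds (five distinct accounts, eight failures) are illustrative assumptions; the log lines are constructed and use RFC 5737 documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines in Linux auth.log format (not real captures;
# source addresses are from the RFC 5737 documentation ranges).
SAMPLE_LOG = "\n".join([
    "Jan 11 09:00:01 bastion sshd[1201]: Failed password for alice from 203.0.113.5 port 51234 ssh2",
    "Jan 11 09:00:02 bastion sshd[1202]: Failed password for bob from 203.0.113.5 port 51235 ssh2",
    "Jan 11 09:00:03 bastion sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2",
    "Jan 11 09:00:04 bastion sshd[1204]: Failed password for carol from 203.0.113.5 port 51237 ssh2",
    "Jan 11 09:00:05 bastion sshd[1205]: Failed password for dave from 203.0.113.5 port 51238 ssh2",
    "Jan 11 09:00:06 bastion sshd[1206]: Failed password for erin from 203.0.113.5 port 51239 ssh2",
] + [
    # Eight rapid failures against one account from a second source.
    f"Jan 11 09:01:{10 + i:02d} bastion sshd[{1301 + i}]: Failed password for root from 198.51.100.7 port {40001 + i} ssh2"
    for i in range(8)
] + [
    # Two failures followed by a success: a weak or reused password was guessed.
    "Jan 11 09:02:00 bastion sshd[1401]: Failed password for frank from 192.0.2.9 port 33001 ssh2",
    "Jan 11 09:02:05 bastion sshd[1402]: Failed password for frank from 192.0.2.9 port 33002 ssh2",
    "Jan 11 09:02:30 bastion sshd[1403]: Accepted password for frank from 192.0.2.9 port 33003 ssh2",
])

# Matches both "Failed password for alice from ..." and the
# "Failed password for invalid user admin from ..." variant sshd emits
# for accounts that do not exist.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_events(text):
    """Yield (result, user, ip) for each sshd password event in text."""
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")


def analyze(text, spray_min_users=5, brute_min_failures=8):
    """Flag three patterns in sshd password events.

    password_spray:         one source IP fails against many distinct accounts
    brute_force:            one source IP fails many times against one account
    success_after_failures: a login succeeds from an IP that had already failed
                            for the same account (review this one first)
    Thresholds are illustrative assumptions, not values from the advisory.
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failure count
    findings = {"password_spray": [], "brute_force": [], "success_after_failures": []}

    for result, user, ip in parse_auth_events(text):
        if result == "Failed":
            failures[ip][user] += 1
        elif failures[ip].get(user, 0) > 0:
            findings["success_after_failures"].append((ip, user, failures[ip][user]))

    for ip, per_user in failures.items():
        if len(per_user) >= spray_min_users:
            findings["password_spray"].append((ip, len(per_user)))
        for user, n in per_user.items():
            if n >= brute_min_failures:
                findings["brute_force"].append((ip, user, n))
    return findings


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind, hits)
```

The per-account lockout that stops the second pattern (eight failures on root) does nothing against the first: 203.0.113.5 never fails more than once per account, which is exactly why spraying is counted per source address across accounts rather than per account. In production the same logic would run over a sliding time window and feed a SIEM rather than a dict, but the grouping is the part that matters.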
The pandemic creates ongoing vulnerabilities
As long as COVID remains with us, remote work will continue to be the norm for many, if not most, companies that offer the option. All of these companies must remain aware of the new attack surface those remote connections create: more externally reachable logins, more personal devices and more credentials in use outside the office.
“Russian state-sponsored attacks target employees at every level, leaving many companies exposed. Yet, according to our recent report, 49% of IT professionals say that individual employees in their organization do not consider themselves targets that attackers can use to access company data,” says Kurt Markley, U.S. managing director at Apricorn.
“Data protection, backup and recovery is key when it comes to mitigating risks from any cyberattack, including state-sponsored cyber threats. To protect critical infrastructure and organization information, secure data backup processes need to be implemented to maximize data control, eliminate unauthorized data access and provide organizations with the ability to quickly restore operability in the event of a cyberattack,” Markley says.
“Given the ongoing conflict between Russia and Ukraine, there are multiple possible scenarios in which actions from Russian attackers may cause impact outside of the conflict zone," says Mike Wiacek, CEO at Stairwell. "A key aspect of what makes the communications CISA has put out useful is that they also detail how to measure the effectiveness of the recommended security controls, further enabling organizations to be prepared. Manufacturing sector organizations with mature security teams that include threat analysts can also leverage tools such as YARA [used in malware detection] to speedily identify potential threats in their environments.”