Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

CISA Again Warns U.S. Organizations of Potential Russian Cyberattacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to strengthen their security stance and stay on alert for potential Russian cyberattacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to strengthen their security stance and stay on alert for potential Russian cyberattacks.

Over the past years, Russia-linked cyberattacks have targeted organizations of all sizes, across a large number of verticals, meaning that all should ensure they have a response and recovery plan implemented.

According to CISA, all organizations in the U.S. are at risk from cyberattacks that could disrupt essential services and which may even impact public safety.

“The Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” the agency notes.

Previously, Russian threat actors – believed to be working on behalf of Moscow – were observed launching disruptive attacks against Ukraine, but also targeting the elections process in the US and elsewhere.

[READ: Ukraine Attack: Hackers Had Access for Months Before Causing Damage]

Although it is not aware of a specific threat to U.S. organizations, amid increasing tensions at the Ukraine border, the Russian government may consider “escalating its destabilizing actions” to impact entities outside of Ukraine, CISA says.

Advertisement. Scroll to continue reading.

This alert comes just weeks after several U.S. government agencies, including CISA, issued a joint advisory to provide an overview of cyber operations linked to Russia.

Thus, the agency has been working with critical infrastructure partners to increase awareness of potential threats, and is now urging all organizations to be proactive and make sure their most critical assets are well defended in the event of an attack.

To strengthen their security, organizations should ensure multi-factor authentication is enabled for all remote access to their environments, including privileged or administrative access; keep all software updated and prioritize patching against known exploited vulnerabilities; disable all unused ports and protocols; and ensure that strong controls are implemented for all cloud services that may be in use.

Furthermore, organizations should ensure that their cybersecurity/IT personnel can quickly identify and address unusual network behavior; keep their environments protected with security products; make sure that a response plan is implemented in the event of an intrusion; and maximize resilience to destructive cyberattacks.

“If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic,” CISA notes.

Related: More Russian Attacks Against Ukraine Come to Light

Related: Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks

Related: Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.