CISA Again Warns U.S. Organizations of Potential Russian Cyberattacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to strengthen their security stance and stay on alert for potential Russian cyberattacks.

Over the past years, Russia-linked cyberattacks have targeted organizations of all sizes, across a large number of verticals, meaning that all should ensure they have a response and recovery plan implemented.

According to CISA, all organizations in the U.S. are at risk from cyberattacks that could disrupt essential services and which may even impact public safety.

“The Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” the agency notes.

Previously, Russian threat actors – believed to be working on behalf of Moscow – were observed launching disruptive attacks against Ukraine, but also targeting the elections process in the US and elsewhere.

[READ: Ukraine Attack: Hackers Had Access for Months Before Causing Damage]

Although it is not aware of a specific threat to U.S. organizations, amid increasing tensions at the Ukraine border, the Russian government may consider “escalating its destabilizing actions” to impact entities outside of Ukraine, CISA says.

This alert comes just weeks after several U.S. government agencies, including CISA, issued a joint advisory to provide an overview of cyber operations linked to Russia.

Thus, the agency has been working with critical infrastructure partners to increase awareness of potential threats, and is now urging all organizations to be proactive and make sure their most critical assets are well defended in the event of an attack.

To strengthen their security, organizations should ensure multi-factor authentication is enabled for all remote access to their environments, including privileged or administrative access; keep all software updated and prioritize patching against known exploited vulnerabilities; disable all unused ports and protocols; and ensure that strong controls are implemented for all cloud services that may be in use.

Furthermore, organizations should ensure that their cybersecurity/IT personnel can quickly identify and address unusual network behavior; keep their environments protected with security products; make sure that a response plan is implemented in the event of an intrusion; and maximize resilience to destructive cyberattacks.

“If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic,” CISA notes.

Related: More Russian Attacks Against Ukraine Come to Light

Related: Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks

Related: Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks