Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

CISA Again Warns U.S. Organizations of Potential Russian Cyberattacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to strengthen their security stance and stay on alert for potential Russian cyberattacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to strengthen their security stance and stay on alert for potential Russian cyberattacks.

Over the past years, Russia-linked cyberattacks have targeted organizations of all sizes, across a large number of verticals, meaning that all should ensure they have a response and recovery plan implemented.

According to CISA, all organizations in the U.S. are at risk from cyberattacks that could disrupt essential services and which may even impact public safety.

“The Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” the agency notes.

Previously, Russian threat actors – believed to be working on behalf of Moscow – were observed launching disruptive attacks against Ukraine, but also targeting the elections process in the US and elsewhere.

[READ: Ukraine Attack: Hackers Had Access for Months Before Causing Damage]

Although it is not aware of a specific threat to U.S. organizations, amid increasing tensions at the Ukraine border, the Russian government may consider “escalating its destabilizing actions” to impact entities outside of Ukraine, CISA says.

This alert comes just weeks after several U.S. government agencies, including CISA, issued a joint advisory to provide an overview of cyber operations linked to Russia.

Thus, the agency has been working with critical infrastructure partners to increase awareness of potential threats, and is now urging all organizations to be proactive and make sure their most critical assets are well defended in the event of an attack.

To strengthen their security, organizations should ensure multi-factor authentication is enabled for all remote access to their environments, including privileged or administrative access; keep all software updated and prioritize patching against known exploited vulnerabilities; disable all unused ports and protocols; and ensure that strong controls are implemented for all cloud services that may be in use.

Furthermore, organizations should ensure that their cybersecurity/IT personnel can quickly identify and address unusual network behavior; keep their environments protected with security products; make sure that a response plan is implemented in the event of an intrusion; and maximize resilience to destructive cyberattacks.

“If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic,” CISA notes.

Related: More Russian Attacks Against Ukraine Come to Light

Related: Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks

Related: Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...