Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

CISA Again Warns U.S. Organizations of Potential Russian Cyberattacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to strengthen their security stance and stay on alert for potential Russian cyberattacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to strengthen their security stance and stay on alert for potential Russian cyberattacks.

Over the past years, Russia-linked cyberattacks have targeted organizations of all sizes, across a large number of verticals, meaning that all should ensure they have a response and recovery plan implemented.

According to CISA, all organizations in the U.S. are at risk from cyberattacks that could disrupt essential services and which may even impact public safety.

“The Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” the agency notes.

Previously, Russian threat actors – believed to be working on behalf of Moscow – were observed launching disruptive attacks against Ukraine, but also targeting the elections process in the US and elsewhere.

[READ: Ukraine Attack: Hackers Had Access for Months Before Causing Damage]

Although it is not aware of a specific threat to U.S. organizations, amid increasing tensions at the Ukraine border, the Russian government may consider “escalating its destabilizing actions” to impact entities outside of Ukraine, CISA says.

This alert comes just weeks after several U.S. government agencies, including CISA, issued a joint advisory to provide an overview of cyber operations linked to Russia.

Advertisement. Scroll to continue reading.

Thus, the agency has been working with critical infrastructure partners to increase awareness of potential threats, and is now urging all organizations to be proactive and make sure their most critical assets are well defended in the event of an attack.

To strengthen their security, organizations should ensure multi-factor authentication is enabled for all remote access to their environments, including privileged or administrative access; keep all software updated and prioritize patching against known exploited vulnerabilities; disable all unused ports and protocols; and ensure that strong controls are implemented for all cloud services that may be in use.

Furthermore, organizations should ensure that their cybersecurity/IT personnel can quickly identify and address unusual network behavior; keep their environments protected with security products; make sure that a response plan is implemented in the event of an intrusion; and maximize resilience to destructive cyberattacks.

“If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic,” CISA notes.

Related: More Russian Attacks Against Ukraine Come to Light

Related: Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks

Related: Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.