Several government agencies based in the United States have jointly issued a cybersecurity advisory. The advisory summarizes cyber activities that were connected to Russia in one way or another. It followed rising tensions over the possibility of Russia invading Ukraine.
Many agencies were involved in the recommendations. The latest advisory was issued jointly by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA). The advisory provides a lot of information, including the steps needed to identify threats, how to respond where threats are evident, and how to curb them. It is directed particularly at owners of various forms of OT and IT assets. The advisory also covers Tactics, Techniques, and Procedures (TTPs), which describe the strategies and methodology that hackers use to execute an attack.
The recommendations aren’t new. These are warnings that simply emphasize what has been around for a while. Others, however, have applauded and even recommended the advisory. Some, such as Robert Lee, the co-founder and CEO of Dragos, a cybersecurity firm, have said that it offers some useful insights and a historical summary for the newer audience.
The advisory includes summaries of both old and newer vulnerabilities. Focusing on Russian hackers and threat actors, it looks into how they exploit the various vulnerabilities. It also looks into some of their high-profile activities. Several cases of attacks were examined, including strategies aimed at various Industrial Control Systems (ICS) and data theft from various government institutions and aviation networks.
Another interesting piece of information included in the advisory was a reward for any useful information. The U.S. State Department stated that it would offer rewards of up to $10 million for information about the hackers, who are believed to be state-sponsored. The hackers are said to have launched several attacks on critical infrastructure.
In an appeal to the cybersecurity community, the FBI, NSA, and CISA encouraged vigilance and increased awareness of the attacks. Network defenders in charge of critical infrastructure were particularly encouraged to aggressively conduct threat hunts and become more aware of suspicious activity.
Some experts in the cybersecurity field believe that the advisory may be directly correlated to the increased tensions between the United States and Russian governments. Adam Flatley, the director of threat intelligence at a cybersecurity firm called Redacted, spoke with SecurityWeek, where he stated that he strongly believes that the advisory is most likely linked to the potential invasion of Ukraine by Russia. This has heightened tensions, and it doesn’t take deep analytic leaps to connect the pieces.
U.S. organizations, especially those in critical infrastructure, will need to pay close attention to cybersecurity. This vigilance will help them respond to and alleviate any form of retaliation on Russia’s end. The U.S. government has promised to act decisively in the event of an invasion. Adam Flatley also added that U.S. companies should operate on high alert and be keen to monitor potential threats. This is the best move during such heightened tension. Frequent updates, reviews, active response plans, and proper problem solving are all means of curbing potential threats. They also allow everyone involved to understand their distinctive roles if a crisis ever occurs.
Rick Holland, who is the chief information security officer (CISO) and Vice President (VP) of strategy at a firm called Digital Shadows, is also convinced that threat groups connected to Russia are likely to increase their activity, particularly as the conflict concerning Ukraine escalates.
Cyberspace is increasingly becoming a major component of geopolitics, Holland said. Many of the Russian groups aren’t the main threats for all companies. It is mostly the critical infrastructure providers, spoken of in the alert, that are at major risk. Regardless, even other companies could be affected and may end up being collateral damage.
Source: HackerCombat