CISA alert and advisory on Russian cyberthreats

Robert Moses | 2/28/2022
Organizations must take steps now to protect against Russian cyberattacks.

Notice of potential cyberattack activity

Due to increasing geopolitical tensions and the continuing escalation between Russia and Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a “Shields Up” advisory to U.S. organizations, which follows a recent related alert on mitigating Russian state-sponsored threats (AA22-011A). The advisory recommends that organizations immediately adopt a heightened cybersecurity posture in response to current threats. While no specific or targeted threats have been identified at the time of the advisory, CISA notes that cyberattacks might escalate as a way to distract and destabilize organizations in Ukraine.

The CISA website and the Shields Up advisory contain information about Russian cyberthreats as well as additional resources and recommendations.

What organizations can do now

First and foremost, organizations should immediately adopt a heightened cybersecurity posture. Verifying that security fundamentals are in place is essential to a strong cybersecurity posture.

The Shields Up advisory lists several proactive actions organizations can take, including:

Organizations can also determine their visible internet attack surface by reviewing results from web search platforms. See CISA’s Get Your Stuff Off Search page for guidance.

In terms of communications, staff should be extra cautious and aware of a possible increase in phishing attacks when reviewing emails:

  • Double-check sender addresses.
  • Do not click on any links, scan QR codes, or open attachments that seem suspicious or unexpected.
  • Report suspected phishing to security or IT teams.
  • See CISA’s phishing tip sheet for more information.

Conducting tabletop testing and performing ransomware simulation exercises can help organizations evaluate their readiness for a potential ransomware attack. 

Organizations should alert staff to possible phishing threats. Suggested email content could include the following: 

In response to the continuing escalation among Russia, Ukraine, and North Atlantic Treaty Organization allies, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recommends that U.S. organizations adopt a heightened cybersecurity posture. In both its advisory and alert, CISA describes the potential for the Russian government to consider escalating its destabilizing actions, such as cyberattacks on gas pipelines and other utilities as well as targeted cyberattacks on companies to disrupt commerce, health services, and other critical infrastructure. 

Please be extra cautious and aware of possible phishing attacks when reviewing emails, double-check sender addresses, and do not click any links or attachments that seem suspicious or unexpected, including scanning QR codes from unknown sources. Please report as phishing to continue to build our defenses.

What to do in the event of a cyberattack

All organizations should report incidents and anomalous activity to CISA and/or the Federal Bureau of Investigation (FBI) via the local FBI field office or the FBI’s 24/7 CyWatch at +1 855 292 3937 or [email protected].

 
