The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory over the weekend to help organizations detect and protect their networks from cyberattacks.
The advisory recommended enabling multifactor authentication (MFA), setting antivirus and anti-malware programs to conduct regular scans, deploying strong spam filters to prevent phishing emails from reaching end users, updating software and filtering network traffic.
“In the wake of continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, CISA has been working hand-in-hand with our partners to identify and rapidly share information about malware that could threaten the operations of critical infrastructure here in the U.S.,” CISA Director Jen Easterly said in a statement.
Easterly noted public and private sector partners in the Joint Cyber Defense Collaborative (JCDC), international computer emergency readiness team (CERT) partners and the FBI are all working together to help organizations reduce their cybersecurity risk.
Shore up Your Systems
“The FBI, alongside our federal partners, continues to see malicious cyber activity that is targeting our critical infrastructure sector,” FBI Cyber Division Assistant Director Bryan Vorndran said in a statement. “We are striving to disrupt and diminish these threats, however, we cannot do this alone.”
Vorndran called on organizations to continue to shore up their systems to prevent any increased impediment in the event of an incident.
“We will continue to share information with our public and private sector partners and encourage them to report any suspicious activity,” he said.
CISA Recommends Continued Vigilance
The advisory warned that malware could present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data.
The CISA and FBI advised organizations to increase vigilance for such an event and to evaluate their capabilities, which encompass planning, preparation, detection and response.
Cybersecurity experts have been sounding the alarm as Russia’s invasion of Ukraine continues, and fears grow of global cyberwarfare impacting governments and organizations of all sizes. Threat actors have already deployed destructive malware against organizations in Ukraine, including both WhisperGate and HermeticWiper, against organizations in Ukraine to destroy computer systems and render them inoperable.
The Microsoft Threat Intelligence Center (MSTIC) disclosed that WhisperGate was being used to target organizations in Ukraine back in January, while several cybersecurity researchers disclosed HermeticWiper was being used against organizations in Ukraine last week.
As various forms of cyberattacks remain a threat in the Ukraine conflict, ransomware is also being used as a decoy.
“It’s not surprising that multiple mechanisms were used. Given the timeline and activity, it would appear that the attacks were planned well in advance and executed,” explained Purandar Das, CEO and co-founder of data security specialist Sotero. “If the attacks were already on the cards, ransomware attacks would be an ideal disguise since they are occurring all the time and target pretty much everybody.”
He added that deploying more harmful and insidious malware under the ransomware label would, in theory, enable the attacker’s motives to remain undetected longer.
Marcus Fowler, Darktrace’s senior vice president, strategic engagements and threats, noted that unlike more traditional and historical military norms, defensive cyber superiority, not offensive capability, will decide cyber supremacy moving forward.
“Non-state cyber actors are going to increasingly become a bigger part when it comes to the more global aspects of this story,” he said. “They may also be less controllable, less precise in their targeting, and less conscious of the implications of their actions, despite wielding highly sophisticated tools. This involvement increases the chance of unintentional escalation of the conflict or miscalculation and greater intentional private sector targeting.”
The CISA has also updated its Shields Up webpage to provide additional services and resources, which include recommendations for business and IT security leaders, along with actions that can be undertaken to protect critical assets.
Last week Ukraine’s Defense Ministry asked for infosec help from its citizens, calling up volunteers to join a “cyber force” that would defend against Russian attacks.