Seek Protection Without Delay!

Before Russia's invasion of Ukraine, we had already witnessed cyberattacks that made us suspect a cyberwar. It was on February 24, with Russian troops entering its neighboring country, that cyberattacks from one side to the other and system disruptions began to be reported. In addition, the Ukrainians' recruitment of volunteer hackers and cybersecurity specialists and the hacking groups supporting one side or the other were public actions. We started to see news of assaults in European countries close to Ukraine and the United States a few days later. As a result, the reports discussed in this blog post appeared: warnings and advice for prevention and protection against potential cyberattacks.

In late February, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned of possible malicious cyber activity by Russians against organizations of all sizes in the U.S. and allied countries in its Shields Up campaign. It emphasized their need to be prepared for attacks and protect their critical assets and requested that they report any such incidents to CISA. Among the advised actions, it began with those linked to reducing the likelihood of damage.

Among those recommendations were the following: (a) Have multi-factor authentication for remote access, especially privileged access, to the organization's network. (b) Ensure that the software components are up to date, mainly concerning the CISA's catalog of known exploited vulnerabilities, with 570 entries at the time of writing this post. (c) Check that ports and protocols that are not essential to the organization are disabled. (d) Implement security controls to defend against attacks targeting cloud services, following a guide CISA provided early last year. (We invite you to read a post where we point out how confusion with the cloud shared responsibility model can mean trouble for your firm.) And finally, (e) use the free CISA cyber hygiene service for vulnerability identification.

Likewise, CISA provided advice on resilience to cyberattacks. First of all, the ability to restore critical data. It is vital to ensure that backups are separated from network connections. Another item is that, if operational technology is used, manual control tests should be performed to ensure that critical functions are not affected in an impact on the network. Finally, CISA gave corporate leaders advice on their roles in their organizations' posture and about response processes to ransomware attacks.

A week ago, the Biden-Harris Administration on the White House website sent a message that added to previous warnings, such as the aforementioned by CISA. In this fact sheet, they were clear that ongoing investigations suggest possible cyberattacks from Russia on the U.S. Especially due to the economic sanctions that Putin's nation has received since the invasion of Ukraine. They talked about the current modernization of their government defenses. They also referred to action plans to reinforce cybersecurity in the water and electricity sectors. Likewise, they reported on a broad international alliance to detect and disrupt ransomware threats.

Similar to the CISA's report, the U.S. Administration began by stressing the value of multi-factor authentication. In general terms, they recommended deploying tools for threat identification and mitigation. They suggested keeping systems patched and protected against known vulnerabilities. Furthermore, they advised changing passwords, something we should all be doing frequently. Additionally, they also recommended crucial offline backups and crisis simulation exercises.

Further on, they mentioned something quite relevant, different from what we saw in the previous report: encrypting data so that it cannot be used by criminals if stolen. Another of their suggested steps was to educate employees about attacker tactics in email and websites. (See this post to get an idea.) This, in addition to urging them to report difficulties and unusual behavior on their systems. (Look at this post.) At the end of these first steps, the White House recommended that companies proactively engage in interaction with CISA and FBI offices and the resources they offer.

Lastly, in the interest of greater cybersecurity in the long term, the Administration offered some suggestions to technology and software firms. On the one hand, they invited companies to develop software in highly secure systems. On the other hand, as recommended by Fluid Attacks, they suggested the integration of security from the beginning of product development. (See the DevSecOps methodology.) Related to this, they recommended employing scanning tools for the early identification of known vulnerabilities. (Fluid Attacks' ethical hackers can complement such tools to report more complex vulnerabilities and reduce false positives and negatives.) The remediation process can be faster and less costly when feedback to developers occurs in phases prior to software deployment. Additionally, they underscored the need for developers to always know and record the origin of the components they use. Many of which are open-source code.

At Fluid Attacks, we recognize the value of these general recommendations, many of which we have shared on different occasions. From our end, we urge you to always resort to the preventive act and not wait to be the victim of a successful cyberattack. Looking for vulnerabilities with services such as our Continuous Hacking and remediating them asap can greatly protect the privacy and assets of your company and your clients or users. Don't hesitate to contact us!