On March 24, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Energy (DOE) published a joint advisory for U.S. and international energy sector organizations.
The joint advisory, titled “Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector,” provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted U.S. and international energy sector organizations.
“In light of the indictments announced today and evolving intelligence that the Russian Government is exploring options to conduct potential cyberattacks against the U.S., CISA, along with our FBI and DOE partners, is issuing this joint advisory to reinforce the demonstrated threat posed by Russian state-sponsored cyber actors,” said CISA Director Jen Easterly.
The advisory includes technical information on previous Russian state-sponsored attacks between 2011 and 2019, including details of a global energy sector attack and a malware compromise of a Middle East-based energy sector organization. The alert recommends organizations immediately:
- Enforce multifactor authentication to authenticate into a system.
- Implement and ensure robust network segmentation between information technology and industrial control systems (ICS) networks.
- Manage the creation of, modification of, use of and permissions associated with privileged accounts.
Citing these past incidents alongside current concerns about potential Russian cyberattacks on U.S. businesses, the advisory reiterates how important it is for the U.S. energy sector and critical infrastructure organizations to take immediate action to mitigate cyber risk and protect their networks. The full advisory is viewable at https://www.cisa.gov/uscert/ncas/alerts/aa22-083a.
Easterly encouraged organizations to visit the CISA Shields Up page, which provides important information about the potential direct and indirect cybersecurity threats U.S. businesses may face due to the escalating Russia and Ukraine conflict.
The page also provides verified contact information to report threats, free cybersecurity tools and services, a list of cybersecurity best practices to help organizations reduce the likelihood of a damaging cyber intrusion, steps to quickly detect a potential intrusion, guidance regarding intrusion response preparation and tips on how to strengthen current defenses. The Shields Up page is viewable at https://www.cisa.gov/shields-up.
White House Releases Act Now to Protect Against Potential Cyberattacks Fact Sheet
In addition to the joint advisory, the Biden Administration recently released the “Act Now to Protect Against Potential Cyberattacks” fact sheet in response to reports from the intelligence community indicating Russia was exploring options for cyber attacks on the United States.
The fact sheet reiterates the growing concerns over the potential cyber attacks Russia may deploy in response to the economic sanctions from the United States and states that there is now evolving intelligence that Russia may be exploring options for potential cyber attacks.
The fact sheet encourages the private sector and other U.S. businesses to visit the aforementioned CISA Shields Up page and urges companies to take several immediate actions including:
- Back up your data and ensure you have offline backups beyond the reach of malicious actors.
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats.
- Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities and change passwords across your networks so that previously stolen credentials are useless to malicious actors.
- Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system.
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack.
The fact sheet also lays out several recommendations specifically for technology and software companies including:
- Build security into your products from the ground up — “bake it in, don’t bolt it on” — to protect both your intellectual property and your customers’ privacy.
- Develop software only on a system that is highly secure and only accessible to those actually working on a particular project. This will make it much harder for an intruder to jump from system to system and compromise a product or steal your intellectual property.
- Software developers are responsible for all code used in their products, including open-source code. Most software is built using many different components and libraries, much of which is open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials,” so they can rapidly correct any vulnerabilities they may find in those components.
The fact sheet is viewable at www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/fact-sheet-act-now-to-protect-against-potential-cyberattacks/.
Related Links
- CISA Alert (AA22-083A) Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
- White House Fact Sheet: Act Now to Protect Against Potential Cyberattacks
- CISA Shields Up
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.