Thursday 17 February 2022

FBI and DHS warn US Organizations of Potential Russian Cyberattacks Linked to a Potential Invasion of Ukraine

Summary

Multiple agencies have issued warnings regarding the potential conflict between Ukraine and Russia, particularly with regard to a potential cyber threat. Recently, CISA issued a warning of the “potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine” and included more than a dozen actions companies should take to protect their networks against hacking.

In addition, the FBI and DHS have warned those charged with overseeing critical U.S. infrastructure to be prepared for potential Russian cyberattacks in conjunction with a possible invasion of Ukraine.

These agencies have been working alongside US critical infrastructure organizations to raise awareness about potential threats.

Cyber actions in conflicts between nations are often used as distractors, as force multipliers, or in conjunction with intended physical effects.

US officials have also recently warned NATO and Baltic countries of possible cyberattacks emanating from Russia as tensions mount over Ukraine. Germany and the Netherlands are both NATO countries.

While there are currently no specific credible threats, organizations in the US and allied countries should maintain heightened awareness, particularly those in the critical infrastructure sectors mentioned above.

Analysis

Potential Impact

Russian actors employ many attack vectors, ranging from ransomware and phishing campaigns to the exploitation of unpatched vulnerabilities. While these attacks and campaigns are likely very targeted, successful attacks related to the conflict with Ukraine could have global implications, affecting organizations and processes from supply chains to critical infrastructure.

Organizations should be hyper-aware of spear-phishing campaigns, particularly with subjects involving this conflict.

In international conflicts, there has historically been no ‘red line’ drawn for nations engaging in cyber activities that affect public or private organizations, critical infrastructure, financial organizations, etc., potentially enabling actors on both sides to push cyber boundaries.

Given historical targeting and the current geopolitical situation, NATO-member countries, along with organizations that are part of the supply chain or directly related to those supporting critical infrastructure, are advised to continue best practices from both cyber security and physical security perspectives.

Due to the sophisticated nature of state-sponsored attackers, successful entry into a targeted network could be devastating to victim organizations. Persistent access could go undetected for extended periods, allowing attackers to move laterally through the network, harvest credentials for further access, and exfiltrate sensitive personal or proprietary information that can be further exploited, either for financial gain or for espionage. Such compromises could also have significant geopolitical ramifications, including consequences for local or global economies and supply chains.

Recommendations

CISA and the FBI have published mitigation strategies and recommendations for a range of attack vectors in various alerts.

CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Users are encouraged to read the most recent mitigations and recommendations on the Shields Up website.

NTT recommends clients follow best security practices, including keeping software and anti-virus signatures up to date, and continuing user training so that staff can recognize spear-phishing emails and avoid clicking the links in them.

References

https://www.cisa.gov/shields-up

Monday 14 February 2022

CISA/FBI/ACSC/NCSC Alert: 2021 Trends Show Increased Globalized Threat of Ransomware

Summary

The US CISA, FBI, the Australian Cyber Security Centre (ACSC), the National Security Agency (NSA), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) recently released joint Security Alert AA22-040A after observing a global increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations during 2021.

While incidents were observed on a global scale, incidents in the US were observed targeting 14 of the 16 US critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors.

The Alert details observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

The following behaviors and trends were observed to increase over the previous year:

  • Gaining access to networks via phishing, stolen Remote Desktop Protocol (RDP) credentials or brute force, and exploiting vulnerabilities
  • Using cybercriminal services-for-hire
  • Sharing victim information
  • Shifting away from “big-game” hunting in the United States
  • Diversifying approaches to extort money
  • Targeting the cloud
  • Targeting managed service providers
  • Attacking industrial processes
  • Attacking the software supply chain
  • Targeting organizations on holidays and weekends

Analysis

Potential Impact

A successful ransomware attack can cause considerable system downtime and widespread damage across an organization. An attack could lead to encryption of a significant number of devices across the domain and lead to loss of availability for these devices and operational or sensitive data, further leading to potential regulatory fines and costs associated with loss of availability and repairs.

In addition, elevation of privileges and lateral movement through a targeted network could allow attackers further access to sensitive or proprietary data for further exploitation.

And, as we have seen in the past, successful attacks targeting critical infrastructure organizations – for example, the Colonial Pipeline and Saudi Aramco – could have a significant impact on the organization itself, as well as various ripple effects on local or global economies and supply chains.

Recommendations

The FBI, CISA, ACSC, NSA, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the Mitigations section of the Alert to mitigate the risk of compromise from ransomware attackers.

The alert provides detailed mitigation recommendations which include:

  • Patch and update systems
  • Implement end-to-end encryption
  • Implement and enforce backup and restoration policies and procedures
  • Implement network segmentation
  • Enforce the principle of least privilege through authorization policies
  • Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration
  • Use multi-factor authentication and strong passwords to secure user accounts

Please refer to the alert for detailed mitigation strategies.

In addition, the FBI, CISA, ACSC, NSA, and NCSC recommend reporting suspected ransomware incidents, as well as following the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.

NTT recommends clients review the mitigation references available in the alert and apply any necessary software updates as soon as possible, after appropriate evaluation and testing have been completed.

For more information and resources on protecting against and responding to ransomware, refer to StopRansomware.gov, a centralized, U.S. whole-of-government webpage providing ransomware resources and alerts.

References

https://www.cisa.gov/uscert/ncas/alerts/aa22-040a
https://cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C_.pdf
https://www.cisa.gov/stopransomware/

Saturday 12 February 2022

Apple Releases Security Update for Possibly Exploited Zero-Day Vulnerability

Summary

CVE: CVE-2022-22620

CVSS: Unscored

Affected Products: iPhone 6s and later; iPad Pro (all models); iPad Air 2 and later; iPad 5th generation and later; iPad mini 4 and later; iPod touch (7th generation); macOS Monterey

Apple released a security update addressing a zero-day vulnerability impacting iPhones, iPads, and Macs. The vulnerability, CVE-2022-22620, is a use-after-free in WebKit discovered by an anonymous security researcher. Apple notes in its security update advisories that this vulnerability may have been actively exploited in the wild.

Analysis

Potential Impact

Successful exploitation of CVE-2022-22620 could lead to arbitrary code execution on an affected device, allowing an attacker to potentially crash vulnerable devices, view, modify, or delete data, or take control of an affected device.

Recommendations

Apple has released security updates which address this vulnerability in all affected products. NTT recommends organizations apply these updates after conducting the appropriate evaluations and testing.

References

https://support.apple.com/en-us/HT213091
https://support.apple.com/en-us/HT213092
https://support.apple.com/en-us/HT213093