By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant
As the U.S. imposes sanctions on Russia for its ongoing aggression against Ukraine, security experts at the Wall Street Journal’s virtual CIO Network Summit this week recommended that the U.S. prepare for possible cyber retaliation.
Recommendations and Awareness
Recommendations that came from the Summit included locking accounts after two or three failed login attempts and being aware that Russian operatives could be using password spraying attacks, recycling passwords from past password data dumps, and likely using artificial intelligence to gain access to networks.
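The lockout and password-spraying points above are related: a lockout after two or three failures on one account does not catch a spray, which tries one password against many accounts and so stays below the per-account threshold. The following Python sketch is an added example (not code from the article or from Ferrilli) that applies both rules to a few constructed authentication log lines in an assumed `timestamp RESULT user= src=` format: per-account failure counts for the lockout rule, and distinct accounts failed per source address as a spray indicator.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not from any real system).
# One source fails once against five different accounts (a spray),
# another source fails three times against a single account.
SAMPLE_LOG = """\
2022-02-25T09:00:01 FAIL user=alice src=203.0.113.7
2022-02-25T09:00:02 FAIL user=bob src=203.0.113.7
2022-02-25T09:00:03 FAIL user=carol src=203.0.113.7
2022-02-25T09:00:04 FAIL user=dave src=203.0.113.7
2022-02-25T09:00:05 FAIL user=erin src=203.0.113.7
2022-02-25T09:00:06 OK   user=alice src=198.51.100.20
2022-02-25T09:01:00 FAIL user=frank src=198.51.100.20
2022-02-25T09:01:10 FAIL user=frank src=198.51.100.20
2022-02-25T09:01:20 FAIL user=frank src=198.51.100.20
"""

# Assumed log format; adapt the pattern to your identity provider's output.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>FAIL|OK)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)

LOCKOUT_THRESHOLD = 3  # failures on one account (the article suggests two or three)
SPRAY_THRESHOLD = 5    # distinct accounts failed from one source address


def analyze(log_text, lockout=LOCKOUT_THRESHOLD, spray=SPRAY_THRESHOLD):
    """Return accounts that hit the lockout rule and sources that look like a spray.

    A production detector would also bound both counts by a time window;
    the window is omitted here to keep the two rules easy to compare.
    """
    fails_per_user = defaultdict(int)   # lockout rule: failures per account
    users_per_src = defaultdict(set)    # spray rule: accounts attempted per source
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "FAIL":
            continue
        fails_per_user[m["user"]] += 1
        users_per_src[m["src"]].add(m["user"])
    locked = sorted(u for u, n in fails_per_user.items() if n >= lockout)
    sprayers = sorted(s for s, users in users_per_src.items() if len(users) >= spray)
    return {"lockout": locked, "spray_sources": sprayers}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the sample data only `frank` trips the lockout rule, while the spraying source never does because each of its targets fails just once; only the per-source view surfaces it.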
Russia has been known to use hybrid warfare strategies and utilize cyberattacks against their adversaries. Professionals who monitor cyber threats, both for governments and corporations, are concerned that the worst is yet to come, in the form of both direct attacks by Russia and collateral damage from their cyber attacks.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning to U.S. businesses that they should be prepared to defend against cyber attacks originating from Russia: “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”
Russian hackers began at least as early as January targeting Ukraine with “wiper” malware, which is designed to destroy hard drive data by erasing its contents completely. Professionals who monitor cyber threats, both for governments and corporations, are on high alert because Russia has a history of unleashing cyberweapons that wreak havoc far beyond the computers and networks that were their original targets.
What Can You Do to Protect Your Student and Employee Data?
The House Armed Services Committee recommends that institutions test their procedures for backing up and restoring data, enable multifactor authentication on devices connected to their networks, and keep software up to date on patching to protect their networks from known vulnerabilities.
Here Are Some Additional Mitigating Tips and Helpful Layers of Defense
- Prepare by documenting what you have. Identify every application and asset running in your IT environment. This level of granularity will allow you to quickly map critical assets, data, and backups, and to identify vulnerabilities and risks. By having a complete picture of your network and data environments, you’ll be able to respond and act quickly during an attack or breach.
- Utilize segmentation and alerting where possible to help prevent ransomware propagation and lateral movement. Create perimeters around critical applications, backups, file servers and databases. Restrict traffic between users, applications, and devices to help block lateral movement. These blocked access attempts become your indicators of compromise. Incorporate reputation-based detection that alerts to the presence of known malicious domains and processes. Set up security monitoring so you are collecting the data that will be needed to analyze network intrusions.
- Test your backups and recovery methods. Make sure to have backups off-site and visualization capabilities that support phased recovery strategies in which connectivity is gradually restored as different areas of the network are validated as “all clear.”
- Do not expose management interfaces of network devices to the internet. The management interface is a significant attack surface, so keeping it off the internet reduces your risk. Web-based interfaces are convenient for managing networking equipment, but under no circumstances should they be open to the world.
- Protect your devices and networks by keeping them up to date. Use the latest supported versions, apply security patches promptly, use anti-virus and scan regularly to guard against known malware threats.
- Use multi-factor authentication to reduce the impact of password compromises.
- Treat people as your first line of defense. Tell staff how to report suspected phishing emails, and ensure they feel confident doing so. Investigate their reports promptly and thoroughly. Never punish users for clicking phishing links or opening attachments.