Cybersecurity leaders urge digital defense awareness, preparation in light of Russia invasion
“We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), in a statement about the release of new guidance. “We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.”
The cybersecurity guidance came ahead of Russia’s invasion. It’s intended to raise awareness among critical infrastructure owners and operators of the risks of concentrated digital operations. The document outlines steps organizations can take to mitigate the effects of cyberattacks, such as ensuring swift coordination in information sharing and communicating accurate and trusted information to increase resilience. Critical infrastructure includes bridges and tunnels, energy and drinking water plants and disaster response.
In a separate joint advisory, CISA, the FBI and the National Security Agency (NSA) outlined activities and tactics used by Russian state-sponsored cybercriminals. Those include brute force techniques; spearphishing emails with malicious links; using harvested credentials to gain access; and maintaining persistent access, “in multiple instances for at least six months, which is likely because the threat actors relied on possession of legitimate credentials enabling them to pivot to other accounts.”
Over the last several years, “Russian state-sponsored cyber actors have been persistent in targeting U.S. cleared defense contractors to get at sensitive information. Armed with insights like these, we can better detect and defend important assets together,” said Rob Joyce, director of NSA Cybersecurity. The advisory urges all government organizations to investigate suspicious activity and, with or without evidence of a compromise, to apply mitigations including enforcing multifactor authentication and unique passwords and implementing endpoint detection and response tools, among other steps.
To read the complete article, visit American City & County.