CISA says Shields Up! The Cyber-war is here…
The Department of Homeland Security oversees the U.S. CISA (Cybersecurity and Infrastructure Security Agency). The CISA's core values are Collaboration, Innovation, Service, and Accountability; these values are central to the essential work needed to stem an onslaught of cybersecurity attacks. This collaboration involves cooperation on cybersecurity matters between the private sector and the government. The goal is to build and maintain secure critical infrastructures to protect citizens.
As cybersecurity threats rain down on the USA and across the globe, the CISA has created the Shields Up website that provides a series of threat alerts and guidelines to protect organizations.
A World of Critical Cyberthreats
The world is up against an unprecedented onslaught of cyber-attacks. World events, including the Covid-19 pandemic and the war on Ukraine, have emboldened cybercriminals. In a recent address, President Biden warned companies that operate critical infrastructures of impending Russian-sponsored attacks.
Biden stated:
“...today my administration has issued renewed warnings that, based on evolving intelligence, Russia may be planning a cyberattack against us. And as I’ve said, the magnitude of Russia’s cyber capacity is fairly consequential, and it’s coming.”
This address comes on the heels of increasing cyberattacks: in 2021, an IDC report found that 37% of worldwide organizations were victims of ransomware; the FBI identified losses of over $43 billion due to Business Email Compromise between 2016 and 2021.
The CISA Shields Up initiative attempts to redress the balance by offering guidance on protecting against these attacks.
Shields Up!
The CISA lays out its vision for a cyber-secure infrastructure by declaring, "Every organization—large and small—must be prepared to respond to disruptive cyber incidents." To help in this endeavor, the CISA Shields Up website offers a series of alerts, advisories, and best practices. In addition, Shields Up looks at a current and imminent threat profile and advises on how to protect against the cyber-threat. Some recent examples include:
Alert (AA22-131A): Protecting Against Cyber Threats to Managed Service Providers and their Customers
This alert identifies an increase in cyber-threats targeting managed service providers (MSPs) and their access to client networks in the USA, U.K., Australia, Canada, and New Zealand. The threats focus on ransomware infection and cyber-espionage, with CISA offering a series of best practices to mitigate the risks to MSPs and their customers. Recommended prevention measures include anti-phishing controls, hardening of internet-facing services, and password protection.
CISA, FBI, NSA, and International Partners Issue Advisory on Demonstrated Threats and Capabilities of Russian State-Sponsored and Cyber Criminal Actors
This advisory gives an overview of Russian-sponsored cyber threats to critical infrastructures. This advisory is a collaboration between the United States, Australia, New Zealand, and the United Kingdom. It involves work with industry bodies via the Joint Cyber Defense Collaborative, which brings the public and private sectors together to tackle cyber-threats. The advisory focuses on four key defensive measures:
- Prioritize patching of known exploited vulnerabilities;
- Enforce multi-factor authentication (MFA);
- Monitor remote desktop protocol (RDP); and
- Provide end-user awareness and training.
Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities
Another collaborative investigation involves the United States, Australia, Canada, New Zealand, and the United Kingdom. The research identifies the top cyber-threats to businesses. The resulting paper lists the highest-risk vulnerabilities for companies worldwide, including the Log4Shell vulnerability and several vulnerabilities in Microsoft Exchange Server and Microsoft Office. Mitigations include:
- Centralized patch systems.
- Scanning and patching of internet-facing systems.
- Continuous monitoring of the attack surface.
Round-up of defensive measures from Shields Up!
Shields Up works by bringing the collective knowledge of industry and government together to tackle the thorny issue of increasing cyber-attacks. This is a vital strategy in a troubled world where war has crossed the chasm from purely physical attacks to cyber-attacks. While each attack may have a complex profile, specific security measures are strongly recommended by the Shields Up advisories:
Provide security awareness training
The CISA states, "Phishing is one of the top infection vectors for ransomware, and Russian state-sponsored APT actors have conducted successful spear-phishing campaigns to gain credentials of target networks." Therefore, employees need to know the tell-tale signs of phishing to prevent clicking on malicious links or downloading infected attachments. Success can be achieved by using behavior-driven security awareness training, allowing an organization to focus on specific poor security behaviors of an individual.
Enable Strong Spam Filters
CISA recommends using spam filters to prevent phishing emails from entering employee inboxes. These filters should use advanced and intelligent mechanisms, including machine learning, to be effective against emerging phishing threats.
Update software
Cybercrime propagates through vulnerabilities in our IT systems. Therefore, organizations must keep software and firmware up to date and patch promptly: the CISA suggests a centralized patch management system to automate patching. CISA also suggests using vulnerability scanning to find unpatched devices and applications across the whole estate.
The CISA maintains a catalog of known exploited vulnerabilities that security professionals can consult to stay aware of flaws that are being actively exploited, and therefore to prioritize which patches to apply first.
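The patch-prioritization step described above, as an added example (not CISA's code or an official tool): scanner findings per host are cross-referenced against a feed in the shape of CISA's Known Exploited Vulnerabilities JSON, and every catalogued finding is ranked by how far past its catalog due date it is. The field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`) are assumed from the public feed; the CVE identifiers, hosts and dates are constructed placeholders.

```python
"""Rank scanner findings by CISA KEV due date (added example, not CISA code)."""
import json
from datetime import date

# Constructed sample in the shape of the CISA KEV JSON feed. Field names are
# assumed from the public feed; the CVE IDs, vendors and dates are placeholders.
KEV_SAMPLE = json.dumps({
    "catalogVersion": "constructed-sample",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendorA", "product": "Logger",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24"},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendorB", "product": "MailServer",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03"},
        {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendorC", "product": "Widget",
         "dateAdded": "2022-03-01", "dueDate": "2022-03-15"},
    ],
})

# Constructed asset inventory: the CVEs a vulnerability scanner reported per host.
INVENTORY = {
    "web-01": ["CVE-0000-0001", "CVE-0000-0009"],
    "mail-01": ["CVE-0000-0002"],
    "hr-app": ["CVE-0000-0009"],
}


def load_kev(feed_json):
    """Index the KEV feed by CVE ID so each scanner finding is a single lookup."""
    data = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def prioritize(inventory, kev, today_iso):
    """Return (cve, host, days_past_due) for every finding that is in the KEV
    catalog, most overdue first. Findings absent from the catalog are skipped
    here: they still need patching, but catalogued flaws are fixed first."""
    today = date.fromisoformat(today_iso)
    rows = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            rows.append((cve, host, (today - due).days))
    rows.sort(key=lambda row: row[2], reverse=True)
    return rows


if __name__ == "__main__":
    for cve, host, overdue in prioritize(INVENTORY, load_kev(KEV_SAMPLE), "2022-06-01"):
        print(f"{cve} on {host}: {overdue:+d} days relative to KEV due date")
```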
Enforce MFA
CISA suggests enforcing multi-factor authentication for access to applications. The agency also recommends good password hygiene measures such as not sharing or reusing passwords. Considering a Google survey that found 62% of people reuse passwords, this is wise advice.
Manage access
Access control is a key preventative measure against cybersecurity attacks. Advisories include applying the principle of least privilege to prevent unauthorized access to sensitive web servers and data.
Preparing for a cyber-incident is also covered by the CISA, which recommends that organizations:
- Maintain offline backups and archive data and emails
- Encrypt all data and emails
- Create cyber-response policies and advisories
Cyber-attacks are out of control, but the CISA provides a way to fight back. By using the CISA Shields Up website and keeping up to date with the best practice advice offered in the alerts and guidance, a company can protect itself from the onslaught of threats in a troubled world.