shields | CISA

The Russian invasion of Ukraine could affect organizations both inside and outside the region malicious cyber activity against the United States, including in response to the unprecedented economic costs imposed on Russia by the United States and our allies and partners. Sophisticated intelligence indicates that the Russian government is exploring options for potential cyber attacks. Every organization – large and small – must be prepared to respond to disruptive cyber incidents. As the country’s cyber defense agency, CISA is ready to help organizations prepare for, respond to, and mitigate the impact of cyber attacks. When cyber incidents are reported quickly, we can use this information to provide assistance and as a warning to prevent organizations and other entities from falling victim to a similar attack.

Organizations must report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.

Latest updates

Guidelines for all organizations

CISA recommends that all organizations – regardless of size – adopt a tough stance when it comes to cyber security and protecting their most important assets. Recognizing that many organizations find it difficult to identify the resources needed for urgent security improvements, we have compiled Free cybersecurity services and tools From government and industry partners to help. Recommended actions include:

Reduce the possibility of malicious hacking

  • Verify that all remote access to the enterprise network and privileged administrative access require multi-factor authentication.
  • Ensure that the software is up-to-date, prioritizing updates that address Known exploits identified by CISA.
  • Ensure that your organization’s IT staff disable all ports and protocols that are not necessary for business purposes.
  • If the organization uses cloud services, be sure to review and implement IT staff Robust controls outlined in CISA Guidelines.
  • sign for Free e-cleaning services from CISAincluding vulnerability scanning, to help reduce exposure to threats.

Take steps to detect potential intrusion quickly

  • Ensure that cyber security/IT personnel are focused on quickly identifying and assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
  • Ensure that the entire enterprise network is protected by antivirus / anti-malware software and that the signatures in these tools are updated.
  • If you work with Ukrainian organizations, keep an eye on, screen and isolate traffic from those organizations; Closely review the access controls for this traffic.

Ensure that the organization is prepared to respond in the event of an intervention

  • Assign the crisis response team with key focal points for the suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, law and business continuity.
  • ensuring availability of key personnel; Determine the means to provide surge support to respond to an incident.
  • Perform a table exercise to ensure that all participants understand their roles during the incident.

Maximizing the organization’s resilience in the face of a devastating cyber incident

  • Test backup procedures to ensure critical data can be quickly restored in the event an organization is affected by ransomware or a devastating cyber attack; Ensure that backups are isolated from network connections.
  • If you are using industrial or operational technology control systems, test manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or unreliable.

By implementing the above steps, all organizations can make near-term progress towards improving cyber security and resiliency. Additionally, while recent cyber incidents have not been attributed to specific actors, CISA urges cyber/IT security personnel in each organization to review Understand and mitigate Russian state-sponsored cyber threats to US critical infrastructure. CISA also recommends organizations to visit StopRansomware.gov, an all-government central webpage that provides ransomware resources and alerts.

Guidelines for corporate leaders and CEOs

Corporate leaders play an important role in ensuring that their organizations adopt a high security posture. CISA urges all senior leaders, including CEOs, To take the next steps:

  • Empowering Senior Information Security Officers (CISO): In nearly every organization, security improvements are weighed against the cost and operational risks to the company. In this increasingly threat environment, senior management must empower CISOs by including them in the decision-making process for risks to the company, and ensure that the entire organization understands that security investments are a top priority in the near term.

  • Low reporting thresholds: Every organization should have documented thresholds for reporting potential cyber incidents to senior management and the US government. In this heightened threat environment, these thresholds should be much lower than normal. Senior management should set an expectation that any indications of malicious electronic activity should be reported, even if they are blocked by security controls. report@cisa.gov. Lowering the limits will ensure that we are able to identify the problem immediately and help protect against further attacks or casualties.

  • Take part in testing response plans: Cyber ​​incident response plans should include not only your security and IT teams, but also your top business leadership and board members. If you haven’t done so already, senior management should engage in an exercise at the table to ensure familiarity with how your organization is managing a major cyber incident, not only for your company but also for companies within your supply chain.

  • Focus on continuity: Recognition of limited resources and investments in security and resiliency should focus on those systems that support critical business functions. Senior management should ensure that such systems are identified and continuity tests are conducted to ensure that critical business functions remain available after the electronic intervention.

  • plan for the worst While the US government does not have reliable information regarding specific threats to the American homeland, organizations must plan for a worst-case scenario. Senior management must ensure that stringent measures can be taken to protect your organization’s most critical assets in the event of interference, including disconnecting high-impact parts of the network if necessary.

ransomware response

If you have been affected by a ransomware attack, CISA highly recommends using the following Checklist Presented at the Joint CISA and Multi-Country Clearinghouse and Analysis Center (MS-ISAC) ransomware guide to answer. This information will take you through the response process from detection to containment and eradication.

  1. Define systems immediately and isolate them.
  2. Just in case you are unable to disconnect the devices from the network, Shrink it to avoid further spread from getting infected with the ransom virus.
  3. Sort affected systems For restoration and recovery.
  4. Consult your Incident Response Team for dDevelop and document an initial understanding What happened based on the preliminary analysis.
  5. Involve your internal and external teams and stakeholders with an understanding of what they can do to help you mitigate, respond to, and recover from the incident.
  6. Take system image and capture memory for a sample of affected devices (eg workstations, servers).
  7. Consult federal law enforcement regarding potential decryption tools Available, as security researchers have already cracked the encryption algorithms of some ransomware variants.

For more detailed information, visit StopRansomware.gov and follow the steps on You have been hit by ransomware! page.

Steps you can take to protect yourself

Everyone can take simple steps to improve their cyber hygiene and protect themselves online. meIn fact, there are 4 things you can do to keep yourself safe on the Internet. CISA urges everyone to practice:

  • Implement multi-factor authentication on your accounts. A password is not enough to keep you safe on the Internet. By implementing a second layer of identification, such as a confirmation text message or email, a code from an authentication app, a fingerprint or face ID, or best yet, FIDO key, you give your bank, email provider, or other website you log on with confidence in your identity. Multi-factor authentication can make you 99% less likely to be hacked. So, enable multi-factor authentication on your email, social media, online shopping, and financial services accounts. And don’t forget our streaming gaming and entertainment services!
  • Update your software. In fact, turn on automatic updates. Bad actors will exploit flaws in the system. Update the operating system on mobile phones, tablets and laptops. And update your apps – especially web browsers – on all your devices, too. Take advantage of automatic updates for all devices, apps, and operating systems.
  • Think before you click. More than 90% of successful cyber attacks start with a phishing email. A phishing scheme occurs when a link or web page appears legitimate, but is a trick designed by bad actors to show you passwords, social security number, credit card numbers, or other sensitive information. Once they have this information, they can use it on legitimate websites. They may try to convince you to run malware, also known as malware. If it’s a link you don’t know, trust your instincts and think before you click.
  • Use strong passwordsIdeally a password manager to create and store unique passwords. Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it will require all of us to protect the systems on which we all depend.
Additional Resources

Cyber ​​Security Tips

Joint Cyber ​​Security Consulting: Top Routinely Exploited Vulnerabilities in 2021

Russian state-sponsored criminal cyber threats to critical infrastructure

DOE/CISA/NSA/FBI Cyber ​​Security Advisory: APT Cyber ​​Tools Targeting ICS/SCADA Devices (April 2022)

Alert (AA22-057A) DrDisruptive malware targeting organizations in Ukraine (February 2022)

Updated: Conti Ransomware Cyber ​​Security Advisor

CISA Insights: Preparing and Mitigating Foreign Impact Operations Targeting Critical Infrastructure (pdf) (February 2022)

CISA Insights: Implementing Cyber ​​Security Measures Now to Protect Against Potentially Serious Threats (pdf) (January 2022)

Alert (AA22-011A) Understanding and Mitigating Russian State-Sponsored Cyber ​​Threats to Critical Infrastructure of the United States (January 2022)

Shields Up Technical Guidance | CISA

Overview of the cyber threat in Russia

cyber preparedness resources

The National Electronic Awareness System

New Federal Government Cyber ​​Security and Vulnerability Response Operating Manuals

Cyber ​​Essentials Toolkits

Cyber ​​Resource Center

CISA Cyber ​​Security Awareness Program Toolkit

CISA Tools

Cyber ​​Incident Resource Guide for Governors

COVID-19 Disinformation Toolkit

Free cybersecurity tools and services for the public and private sectors

Catalog of known vulnerabilities

Sources of Misinformation, Dis- and Malin Information

MDM Common Control Page Start Guide

war on pineapple

Emergency Communications Resources

Priority Communications Fact Sheet (.pdf, 337.37kb)

Priority Communications Eligibility Fact Sheet (.pdf, 684.49kb)

Leave a Reply

Your email address will not be published.