The Russian invasion of Ukraine could affect organizations both inside and outside the region, to include them malicious cyber activity against the United States, including in response to the unprecedented economic costs imposed on Russia by the United States and our allies and partners. Sophisticated intelligence indicates that the Russian government is exploring options for potential cyber attacks. Every organization – large and small – must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA is ready to help organizations prepare for, respond to, and mitigate the impact of cyber attacks. When cyber incidents are reported quickly, we can use this information to provide assistance and as a warning to prevent organizations and other entities from falling victim to a similar attack.
Organizations must report anomalous cyber activity and/or cyber incidents 24/7 to firstname.lastname@example.org or (888) 282-0870.
CISA recommends that all organizations – regardless of size – adopt a tough stance when it comes to cyber security and protecting their most important assets. Recognizing that many organizations find it difficult to identify the resources needed for urgent security improvements, we have compiled Free cybersecurity services and tools From government and industry partners to help. Recommended actions include:
Reduce the possibility of malicious hacking
- Verify that all remote access to the enterprise network and privileged administrative access require multi-factor authentication.
- Ensure that the software is up-to-date, prioritizing updates that address Known exploits identified by CISA.
- Ensure that your organization’s IT staff have disabled all ports and protocols that are not necessary for business purposes.
- If the organization uses cloud services, be sure to review and implement IT staff Robust controls outlined in CISA Guidelines.
- sign for Free e-cleaning services from CISAincluding vulnerability scanning, to help reduce vulnerability to threats.
Take steps to detect potential intrusion quickly
- Ensure that your cyber/IT staff is focused on quickly identifying and assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
- Ensure that the entire enterprise network is protected by antivirus / anti-malware software and that the signatures in these tools are updated.
- If you work with Ukrainian organizations, be sure to monitor, check and isolate the traffic from those organizations; Closely review the access controls for this traffic.
Ensure that the organization is prepared to respond in the event of an intervention
- Assign the crisis response team with key focal points for the suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, law and business continuity.
- ensuring availability of key personnel; Determine the means to provide surge support to respond to an incident.
- Perform a table exercise to ensure that all participants understand their roles during the incident.
Maximizing the organization’s resilience in the face of a devastating cyber incident
- Test backup procedures to ensure critical data can be quickly restored if an organization is affected by ransomware or a devastating cyber attack; Ensure that backups are isolated from network connections.
- If you are using industrial or operational technology control systems, test manual controls to ensure that critical functions remain operable if the enterprise network is unavailable or unreliable.
By implementing the above steps, all organizations can make near-term progress towards improving cyber security and resiliency. Additionally, while recent cyber incidents have not been attributed to specific actors, CISA urges cyber/IT security personnel in each organization to review Understand and mitigate Russian state-sponsored cyber threats to critical infrastructure of the United States. CISA also recommends organizations to visit StopRansomware.gov, an all-government central webpage that provides ransomware resources and alerts.
Corporate leaders play an important role in ensuring that their organizations adopt a high security posture. CISA urges all senior leaders, including CEOs, To take the next steps:
Empowering Senior Information Security Officers (CISO): In nearly every organization, security improvements are weighed against the cost and operational risks of the business. In this increasingly threat environment, senior management must empower CIOs by involving them in the decision-making process of risks to the company, and ensuring that the entire organization understands that security investments are a top priority in the near term.
Low reporting thresholds: Every organization should have documented thresholds for reporting potential cyber incidents to senior management and the US government. In this heightened threat environment, these thresholds should be much lower than normal. Senior management should set an expectation that any indications of malicious cyber activity should be reported, even if it is blocked by security controls. email@example.com. Lowering the limits will ensure that we are able to identify the problem immediately and help protect against further attacks or casualties.
Take part in testing response plans: Cyber incident response plans should include not only security and IT teams, but also senior business leaders and board members. If you haven’t done so already, senior management should engage in an exercise at the table to ensure familiarity with how your organization is managing a major cyber incident, not only for your company but also for companies within your supply chain.
Focus on continuity: Recognition of limited resources and investments in security and resiliency should focus on those systems that support critical business functions. Senior management should ensure that such systems are identified and continuity tests are conducted to ensure that critical business functions remain available after the electronic intervention.
plan for the worst While the US government does not have reliable information regarding specific threats to the American homeland, organizations must plan for a worst-case scenario. Senior management must ensure that stringent measures can be taken to protect your organization’s most critical assets in the event of interference, including disconnecting high-impact parts of the network if necessary.
If you have been affected by a ransomware attack, CISA highly recommends using the following Checklist Presented at the Joint CISA and Multi-Country Clearinghouse and Analysis Center (MS-ISAC) ransomware guide to answer. This information will take you through the response process from detection to containment and eradication.
- Define systems They were affected, and immediately isolated.
- Just in case you are unable to disconnect the devices from the network, Shrink it to avoid further spread from being infected with the ransom virus.
- Sort affected systems For restoration and recovery.
- Consult your Incident Response Team for dDevelop and document an initial understanding What happened based on the preliminary analysis.
- Involve your internal and external teams and stakeholders with an understanding of what they can do to help you mitigate, respond to, and recover from the incident.
- Take system image and capture memory for a sample of affected devices (eg workstations, servers).
- Consult federal law enforcement regarding potential decryption tools Available, as security researchers have already cracked the encryption algorithms of some ransomware variants.
For more detailed information, visit StopRansomware.gov and follow the steps on You have been hit by ransomware! page.
Everyone can take simple steps to improve their electronic hygiene and protect themselves online. IIn fact, there are 4 things you can do to keep yourself safe on the Internet. CISA urges everyone to practice:
- Implement multi-factor authentication on your accounts. A password is not enough to keep you safe on the Internet. By implementing a second layer of identification, such as a confirmation text message or email, a code from an authentication app, a fingerprint or face ID, or best yet, FIDO key, you are giving your bank, email provider, or other website you log on with confidence in your identity. Multi-factor authentication can make you 99% less likely to be hacked. So, enable multi-factor authentication on your email, social media, online shopping, and financial services accounts. And don’t forget our streaming gaming and entertainment services!
- Update your software. In fact, turn on automatic updates. Bad actors will exploit flaws in the system. Update the operating system on mobile phones, tablets and laptops. And update your apps – especially web browsers – on all your devices, too. Take advantage of automatic updates for all devices, apps, and operating systems.
- Think before you click. More than 90% of successful cyber attacks start with a phishing email. A phishing scheme occurs when a link or web page looks legitimate, but is a trick designed by bad actors to get you to reveal your passwords, Social Security number, credit card numbers, or other sensitive information. Once they have this information, they can use it on legitimate websites. They may try to convince you to run malware, also known as malware. If it’s a link you don’t know, trust your instincts and think before you click.
- Use strong passwordsIdeally a password manager to create and store unique passwords. Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it takes all of us to protect the systems we all depend on.
cyber security tips
Shared Cyber Security Alert: Protection from Cyber Threats for Managed Service Providers and Their Clients
Joint Cyber Security Consulting: Top Routinely Exploited Vulnerabilities in 2021
Russian state-sponsored criminal cyber threats to critical infrastructure
DOE/CISA/NSA/FBI Cyber Security Advisory: APT Cyber Tools Targeting ICS/SCADA Devices (April 2022)
Alert (AA22-057A) DrDisruptive malware targeting organizations in Ukraine (Feb 2022)
Updated: Conti Ransomware Cyber Security Advisor
CISA Insights: Preparing and Mitigating Foreign Impact Operations Targeting Critical Infrastructure (pdf) (February 2022)
CISA Insights: Implementing Cyber Security Measures Now to Protect Against Potentially Serious Threats (pdf) (January 2022)
Alert (AA22-011A) Understanding and Mitigating Russian State Sponsored Cyber Threats to Critical Infrastructure of the United States (January 2022)
Shields Up Technical Guidance | CISA
Overview of the cyber threat in Russia
cyber preparedness resources
The National Electronic Awareness System
New Federal Government Cyber Security and Vulnerability Response Operating Manuals
Cyber Essentials Toolkits
Cyber Resource Center
CISA Cyber Security Awareness Program Toolkit
Cyber Incident Resource Guide for Governors
COVID-19 Disinformation Toolkit
Free cybersecurity tools and services for the public and private sectors
Catalog of known vulnerabilities
Sources of misinformation, misinformation, and misinformation
MDM Common Control Page Start Guide
war on pineapple