The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to all organizations in the United States to raise their shields to prevent damaging cyber intrusions. Over the past year, organizations, non-profits, and companies of all sizes have suffered cyberattacks across multiple industry sectors.
Cyberattacks can disrupt business functions and essential services, and attacks on healthcare organizations and other critical infrastructure entities can affect public safety. Attacks are being conducted by a broad range of threat actors, including nation-state hackers and cybercriminal organizations, whether for financial gain, to put pressure on the government and military, to gain a competitive advantage, or even simply for fun.
The current tension between Russia and Ukraine has raised the threat level. Russia is well known to use cyberattacks to help achieve political objectives, and cyberattacks on Ukraine, entities with ties to the country, and allies of Ukraine are a real risk, especially attacks on critical infrastructure. Russia has a track record in this area and has previously attempted to disable or destroy critical infrastructure to pressure governments and destabilize countries.
“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” explained CISA.
The cybersecurity alert provides recommendations on how to reduce the likelihood of a damaging cyber intrusion, how to prepare for an attack so that a rapid response is possible, and how to improve resilience to destructive cyberattacks.
Critical Infrastructure Entities Warned of Increased Risk of Ransomware Attacks
CISA has also recently issued a warning about the increased risk of ransomware attacks on critical infrastructure entities. The joint cybersecurity advisory from CISA, the FBI, the NSA, and cybersecurity agencies in the United Kingdom and Australia details ransomware attack trends over the past 12 months. CISA said ransomware attacks have been observed in 14 of the 16 critical infrastructure sectors in the past year, and that ransomware threat actors have demonstrated growing technological sophistication and pose a threat to organizations globally.
Ransomware gangs are using diverse tactics to gain access to victims’ networks, including phishing, stolen RDP credentials, brute force tactics, and the exploitation of vulnerabilities. The gangs have also become more professional and are acting more like legitimate businesses than cybercriminal groups. They are outsourcing certain functions to specialists who assist with negotiating payments and who provide support to victims through 24/7 helplines to help them make payments.
Early in 2021, ransomware gangs were focused on big money targets; however, the increased scrutiny placed on ransomware gangs following the attacks on Kaseya, JBS Foods, and Colonial Pipeline saw a shift in targets, with attacks on mid-sized organizations favored in the second half of the year.
The alert provides recommendations on the mitigations that can be implemented to prevent ransomware attacks and limit their severity.