FBI and CISA Alert Business Owners to Malicious Russian-Sponsored Cyberattacks
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI recently issued a joint cybersecurity advisory with technical details, mitigations, and resources regarding the capabilities of Russian state-sponsored cyber actors.
In the alert, CISA warns business owners about the hackers’ ability to gain network access by exploiting default multifactor authentication (MFA) protocols and a known Windows vulnerability.
For example, the Russian state-sponsored cybercriminals recently took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim’s network.
The hackers then exploited the critical Windows vulnerability “PrintNightmare” to run arbitrary code with system privileges, after which they were able to access cloud and email accounts for document exfiltration.
The FBI and CISA urge all organizations to take immediate action to protect against this and other malicious activities and apply recommended mitigations such as:
- Enforce MFA for all users, without exception, and ensure it is properly configured to protect against “fail open” and re-enrollment scenarios;
- Implement time-out and lock-out features;
- Disable inactive accounts;
- Update software, prioritizing known exploited vulnerabilities;
- Monitor network logs continuously for suspicious activity; and
- Implement security alerting policies.
Russia’s invasion of Ukraine, which has involved cyberattacks on the Ukrainian government and critical infrastructure, could impact organizations beyond the region, including the U.S. homeland.
With a protective measure initiative titled “Shields Up,” CISA is responding to ongoing, disruptive cyber activities in connection with Russia’s attacks by documenting information on Russian threat actors, ransomware, destructive malware, distributed denial of service (DDoS) attacks, and more.
To learn more about “Shields Up,” including recent updates to the advisory, please visit the CISA website.
Help is available
The attorneys at O’Reilly Rancilio are available to answer your questions regarding cybersecurity threats. For more information, please call 586-726-1000 or visit our website.