- March 3, 2022
- Tag: Federal
Due to escalated geopolitical tensions between Russia and Ukraine, several U.S. critical infrastructures are at risk of becoming targets of cyberattacks by Russia-sponsored actors. Over the years, cybersecurity experts have observed that Russian state-sponsored advanced persistent threat (APT) actors are equipped with increasingly sophisticated cyberattack capabilities to develop customized malware and compromise third-party infrastructures on-premise and within cloud-based environments.
In tandem with ongoing cybersecurity alerts, advisories, and notifications from US government agencies, this article aims to create situational awareness for GoldSky’s clients, prospects, and partners. Thus, this article shares detective, preventive, and corrective security controls and security best practices that your organization should implement to strengthen its cybersecurity posture at this critical juncture.
Read on to fully understand the effects of observed tactics, techniques, and procedures (TTPs), incident response guidance, and mitigative controls to reduce the risks presented by Russian state-sponsored cyber operations.
Industries at Risk of Compromise by Russian State-Sponsored Attackers
Russian state-sponsored APT actors have proven capable of deploying common tactics for flexible cyberattacks, including spear phishing, brute force, and compromising system vulnerabilities within critical infrastructures. They have targeted various global industries and sectors worldwide, both in public and private sectors—including financial services, water supply, wastewater management, healthcare, aerospace, defense industrial base, energy market, and national security and intelligence.
Below are some critical U.S. industries at risk of compromise by Russian state-sponsored attackers:
Financial Services Sector
Due to the COVID-19 pandemic, many financial services companies changed their internal business processes and automated numerous processes by leveraging cloud services. As a result, many critical operations became virtual, thus making it easier for threat actors to compromise system vulnerabilities and access sensitive financial data. Additionally, the presence of a wide variety of data points, applications, and high-tech devices within financial services institutions could allow Russian state-sponsored threat actors to damage, disrupt, and destabilize financial operations that are essential to the U.S. economy.
Hospitals and healthcare providers are among the most attractive targets for cyber attackers in the United States and worldwide because of the amount of sensitive personally identifiable information (PII) they possess and their reliance on vulnerable, antiquated operating systems and other technologies.
Moreover, healthcare services are subject to extensive federal regulation, so they often have more concerns about data privacy than companies in other industries. Hospitals also treat patients with susceptible records that cybercriminals can use to commit identity theft.
Defense Industrial Base (Federal Contractors) Sector
The defense industrial base is attractive to cyber attackers because it possesses many essential data to maintain U.S. national security assets. In addition, the Defense Industrial Base (DIB) network is an information-sharing mechanism for monitoring, collecting, and transferring sensitive information about malicious actors and their tactics, techniques, and procedures (TTPs). Finally, the business is extensive and profitable, and many private companies or organizations are buying or selling weapons, devices, and technology.
Cybersecurity Concerns and Best Practices for Enhancing Cyber Posture
According to the U.S. Cyber Incident Awareness Training and Requirements (CISA), the FBI and the NSA, all organizations are all organizations must adopt the following procedures to boost their resilience to cyberattacks:
- Create an internal contact list for each subgroup in your organization. Then, in an emergency, create a contact list, assign the primary point-of-contact for every subcategory, and make staff aware of policies and procedures for reporting an incident.
- Proactively protect your organization by identifying security controls gaps and enforcing a surge support program for high traffic days and seasons. For example, organizations with critical infrastructure are typically vulnerable to cybercriminal activities on weekends and holidays when coverage lapses are present.
- Ensure that security management teams proactively monitor indicators of compromise (IOCs) and TTPs to comprehend the difference between normal and abnormal systems behavior.
- Implement multi-factor authentication for everyone in the organization.
- Be prepared to implement the least privilege rule and need-to-know protocols to help maintain data integrity.
- Identify and examine potentially unusual system activities by leveraging network traffic detection and monitoring tools. More importantly, monitor and analyze host-based logs and EDR tools on the premises.
- Prioritize identifying and patching known system weaknesses, especially those highlighted by Common Vulnerability and Exposure (CVEs) lists and other U.S. government agencies like Cybersecurity and Infrastructure Security Agency (CISA).
As cyberattacks increase in frequency and sophistication, the need to protect critical systems becomes critical. Therefore, organizations must devote the resources necessary to build and maintain cyber resilience. Not surprisingly, during times of geopolitical tension, rogue nation-states rely on poor cybersecurity postures as a vehicle to deploy malicious artifacts. For instance, the geopolitical conflict between Ukraine and Russia increases the potential risk to U.S critical infrastructures, leading to life-threatening results. Based on observed behaviors from Russia state-sponsored attackers, customized malware targets banks and financial institutions, defense and military assets, healthcare institutions, etc.
Organizations of all sizes must proactively collaborate with knowledgeable cybersecurity experts to help identify known and unknown cyber-threats that could impact critical operations. Also, understanding the type of security controls to implement helps prevent unauthorized access that could lead to damages worth millions of dollars.