The White House warned of the threat of cyber attacks against United States infrastructure, companies, and individuals in a briefing on Thursday given by Anne Nueberger, Deputy National Security Advisor for Cyber and Emerging Technologies. In her briefing, Nueberger highlighted the fact that the FBI and CISA have released an advisory with specific steps organizations and individuals can take immediately.
CISA – FBI Warning Re CYBER ATTACKS
The joint alert, “Ransomware Awareness for Holidays and Weekends” points out how the two organizations have “observed an increase in highly impactful ransomware attacks occurring on holidays and weekends – when offices are normally closed in the United States.”
FSOs will be well served to ensure their personnel, especially their Information Systems Security Officer (ISSO) are availed the guidance. They advise “identifying IT security employees available and “on call” during these times” and “engage in preemptive threat hunting on their networks.”
The key components of such an effort include:
- Understand the IT environment’s routine activity and architecture by establishing a baseline.
- Review data logs.
- Employ intrusion prevention systems and automated security alerting systems.
- Deploy honeytokens.
- Indicators of suspicious activity that threat hunters should look for include:
- Unusual inbound and outbound network traffic,
- Compromise of administrator privileges or escalation of the permissions on an account,
- Theft of login and password credentials,
- Substantial increase in database read volume,
- Geographical irregularities in access and log in patterns,
- Attempted user activity during anomalous logon times,
- Attempts to access folders on a server that are not linked to the HTML within the pages of the web server, and
- Baseline deviations in the type of outbound encrypted traffic since advanced persistent threat actors frequently encrypt exfiltration.
In addition, ISSOs should ensure they have an offline backup of data, continue ongoing education on not to “click” suspicious links, and if remote desktop protocols are used to ensure these are secured and monitored.
“Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “With our FBI partners, we continue to collaborate daily to ensure we provide timely, useful and actionable advisories that help industry and government partners of all sizes adopt defensible network strategies and strengthen their resilience. All organizations must continue to be vigilant against this ongoing threat.”
Deputy National Security Advisor advice re CYBER ATTACKS
Neuberger called on executives “to please bring together your leadership teams and run through this set of activities to ensure your organizations are as secure as they need to be before the holiday weekend.”
- Update and patch software
- Ensure strong passwords are in place (encourage key individuals to change their passwords today)
- Ensure multifactor authentication is in place
- Review your incident response plan
- Have up-to-date backups which are segregated from your network.
The Administration, according to Neuberger, has pulled the intelligence community together to track any and all threats. In addition, they have brought together, “agencies across the government, including key ones like FBI and CISA, to ensure they were fully postured and fully prepared to be on staff and noting any signs of any incidents.”
She concludes with an appeal to “all Americans, organizations to do the steps they need to do to be as safe as possible in advance of what may be an increased threat, as we’ve seen in history — for the reasons I noted — during the holiday weekend.”