America's Cybersecurity Agency is Now Urging 'Heightened Posture' Against Russian Cyberattacks (pcmag.com)
America's Cybersecurity and Infrastructure Agency (CISA) "says that American companies should be extra wary about potential hacking attempts from Russia as tensions with the country rise," reports PC Magazine:
Even if Russia doesn't invade Ukraine, it has often targeted the country with what Wired has characterized as "many of the most costly cyberattacks in history." Those attacks might not always be confined to Ukraine, however, which is where CISA's new Shields Up campaign comes in.... CISA says that it "recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets." It also says that it's collaborated with its "critical infrastructure partners" to raise awareness of these risks.
The agency wants everyone to "reduce the likelihood of a damaging cyber intrusion," "take steps to quickly detect a potential intrusion," "ensure that the organization is prepared to respond if an intrusion occurs," and "maximize the organization's resilience to a destructive cyber incident." CISA offers advice related to each of those focus areas on its website.
Earlier this week CISA also added 15 "known exploited" vulnerabilities to its catalog, ZDNet reports, in products from Apache, Apple, Jenkins, and Microsoft: The list includes a Microsoft Windows SAM local privilege escalation vulnerability with a remediation date set for February 24. Vulcan Cyber engineer Mike Parkin said the vulnerability — CVE-2021-36934 — was patched in August 2021 shortly after it was disclosed. "It is a local vulnerability, which reduces the risk of attack and gives more time to deploy the patch. CISA set the due date for Federal organizations who take direction from them, and that date is based on their own risk criteria," Parkin said. "With Microsoft releasing the fix 5 months ago, and given the relative threat, it is reasonable for them to set late February as the deadline."
Rule # 1 Don't Use any Microsoft (Score:3, Informative)
products in your infrastructure. Rule # 2 See Rule # 1
Re: (Score:2)
Not even active directory!??
Re: (Score:3, Insightful)
Rule #1 is: Don't connect critical infrastructure to the internet.
Violations are punishable by mandatory viewings of that awful 1995 Hackers movie.
Re:Pfft. (Score:4, Informative)
The Cold War never ended, just the names have changed (slightly).
Re: (Score:3)
an EMP only nuke can wipe out a big part of ussr (Score:2)
an EMP only nuke can wipe out a big part of ussr
Re: (Score:2)
sorry not meant to offend, not sure what the corrupt criminals Putin leads are calling themselves these days.
Pray for the day the Russian people cast off the final criminal yoke of their experiment with communism.
Re:an EMP only nuke can wipe out an big part of us (Score:4, Informative)
Unfortunately, due to the ramifications of the inverse square law and how it applies to electro-magnetic radiation, far more than a single nuke would be required for that.
WTF? (Score:5, Insightful)
Considering the shitstorm of ransomware and hacks over the last several years, exactly when WASN'T my organization supposed to be on "heightened alert"?
Did I miss a memo? Did the criminals, script kiddies, nation states, anarchists, and griefers take a week or two off in the last decade and I miss a golden opportunity for a vacation?
As far as Russians vs Chinese vs Iranians, etc. why exactly do I care? They all fall into the same category of "adversaries with almost unlimited resources -- pray they aren't targeting me specifically". At no time have I ever found a "Chinese, Russian, North Korean, Iranian" dial or switch in any security software. I got news for CISA -- we don't do ANYTHING different based on the nationality of potential adversaries. We try and watch ALL OF IT, ALL THE TIME. Are they expecting something out of the 1960s CIA and me to have a "China Desk" and "Russia Desk" in my SOC?
All this nationality shit honestly is just there to make people feel like they're involved in something important. If my org gets hacked the Board of Directors isn't going to go "Oh, it was the Iranians. That's not so bad, then. At least it wasn't the Russians."
Re: (Score:2)
Nationality might only matter in the context of the scale of resources and the targets of interest.
As for different approaches, well... we are looking at how we can support operations in a semi-disconnected state, and added measures to lockdown external access. With WFH it is far from perfect, but we have a few less holes.
Re:WTF? (Score:5, Insightful)
As far as Russians vs Chinese vs Iranians, etc. why exactly do I care?
You don't. But under the circumstances the Russians are the most immediate concern. If Putin invades Ukraine and the US responds, Putin will politically have to respond to that response. He cannot really respond to any *military* action the US takes with similar force, but anything short of that he will need to match or exceed whatever reaction we take. If the US freezes Russian financial assets, he will need to have banks attacked, etc. There may be some opportunistic shit-stirring by friend-to-neither-of-us China, but in practical terms that doesn't change the scope of the defense that should be mounted.
Did the criminals, script kiddies, nation states, anarchists, and griefers take a week or two off in the last decade and I miss a golden opportunity for a vacation?
Humans are basically just particularly nasty apes. We can't work ourselves up to do anything about abstract problems like climate change, demographic collapse, or stochastic hacking, but put a face on a problem and people will line up to fight the war.
Re: (Score:2)
If Putin invades Ukraine
He won't.
and the US responds
They won't. Biden won't send any troops into Ukraine.
Re: (Score:2)
I don't think Biden will use troops either; that's just the extreme scenario. What Biden will do is put together some kind of package of economic sanctions, and Russia will respond as best it can to hit US economic activity through information warfare.
I don't think anyone can predict what Putin will do with any confidence. In an authoritarian state, government is highly subject to agency costs. That is to say, Putin's interests are not Russia's interests. That's true of every leader, but in an authoritar
Re: WTF? (Score:2)
5 months to deploy a security patch is too long... (Score:2)
It's 2022 and Microsoft has a good update system in place (including things for even the biggest organizations). In what universe should it be taking 5 months to deploy a security fix exactly?
Re: 5 months to deploy a security patch is too lon (Score:2)
so cut them off (Score:1)
DROP (don't route or peer)
go look at who they peer with, it's all EU/US telecom companies, I guess they can't resist that sweet Russian cash, not to mention RIPE could make them disappear tomorrow, let APNIC have them
Cuban missile crisis (Score:2)
Opinion: Can you hear them? (Score:3)
The last time I heard the drums of war beat this loudly we invaded Iraq because a bunch of Saudis led by a guy living in Pakistan trained in a camp in Afghanistan and then flew airplanes into buildings here in the US. That mistake cost us a couple of decades and a lot of lives. Let's not make that mistake again.
I don't want war with Russia, and Russia doesn't want war with us. The whole issue of contention is we're trying to get Ukraine to join NATO. That's not ok. That would be comparable to Russia trying to get Mexico to join the USSR. We would have shit bricks over that, and Russia is right to be doing the same.
Re: (Score:1)
That's false, we are not trying to get Ukraine to join NATO, it's actually been stated that NATO would refuse any such attempt. Putin's failed policies are coming back to haunt him, and he needs some distraction to take attention away from the economy and boost his popularity like the last time he invaded another country. This entire issue is on Putin and Russia, no matter what the trolls and authoritarian fan-boys say.