Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.
As the Russia-Ukraine conflict unfolds, the U.S. government and companies across the country are bracing for cyberattacks. The United States Department of Homeland Security has issued a warning to U.S. businesses to be on high alert and prepared for potential cyberattacks from Russia, to defend their critical assets. The Cybersecurity and Infrastructure Security Agency (CISA) urges that everyone be laser-focused on resilience, “ensuring preparedness and a rapid, coordinated response to mitigate the impact of such disruptions on our national security, economic prosperity, or public health and safety.”
David Ring, a senior FBI cyber official concurs, recommending that U.S. businesses and local governments be vigilant against potential ransomware attacks. According to CNN, the United States could see “a possible increase in cyber threat activity” from Russian state-backed hackers as a result of the recent sanctions President Biden has applied against Russia. “Without a doubt, the Russian state has sophisticated cyber capabilities with a track record of havoc,” writes Wired. CNN Business concurs, “Russia has shown an ability to cause significant disruption.”
CISA Launches #ShieldsUp Campaign
CISA has launched Shields Up, a campaign to encourage organizations to adopt a heightened cybersecurity posture and protect critical assets. It offers this guidance:
Reduce the likelihood of a damaging cyber intrusion
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
Take steps to quickly detect a potential intrusion
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
Ensure that the organization is prepared to respond if an intrusion occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
Maximize the organization’s resilience to a destructive cyber incident
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
How to Improve Your Defenses Now
According to Danny Palmer, senior reporter at ZDNet, DDoS attacks and wiper malware were among the cyber threats that targeted Ukrainian government ministries, banks, media, and other services. Cyber-attacks have international consequences according to Lindy Cameron, CEO of the National Cyber Security Centre (NCSC). ZDNet’s Palmer outlines 10 steps that NCSC recommends to improve your defenses now:
1. Apply patches and security updates. Many cyber-attacks actively look to exploit unpatched software as an easy backdoor into networks. Devices and software with known security vulnerabilities should be patched immediately.
2. Use strong passwords. Users should be urged not to use common, easy-to-guess passwords.
3. Use multi-factor authentication (MFA). MFA provides an additional barrier to cyber-attacks and should be applied to all users. The benefit of multi-factor authentication is that even if a username and password have been stolen or correctly guessed, it’s still very difficult for attackers to access the account.
Teach phishing awareness. Many cyber-attacks start with phishing emails and staff should be trained in how to identify some of the most common techniques cyber attackers use, as well as how to report phishing emails for further investigation.
5. Use antivirus software and ensure that it works. Antivirus software and firewalls can help to detect suspicious links, malware and other threats distributed by cyber-attacks and they should be installed on every device.
6. Know your network. You can’t defend your network if you don’t know what’s on it, so information security teams should actively be able to identify all devices and users on the network — as well as be able to detect potentially suspicious activity.
7. Back up your network — and regularly test backups. Backups are a vital component to ensuring cyber resilience and they can play a big role in minimizing disruption in the event of a cyber-attack, particularly ransomware or wiper malware. Backups should be made at regular intervals; a copy of the backups should be stored offline and they should be regularly tested to make sure they work.
8. Be mindful of third-party access to your network and supply chains. Managing IT networks can be complex, sometimes requiring organizations to bring in outside help, providing non-regular users with high-level access. Organizations should have a comprehensive grasp of what access outside users can have and be mindful of removing security controls.
9. Have an incident response plan. Even if organizations have followed all of the relevant advice, they should still draw up a plan of how to react in the event of a cyber-attack. For example, if the network is down, how will they communicate a response?
10. Brief the wider organization about cyber threats. It’s the job of information security to know about cyber-attacks and how to deal with them, but all staff should be aware of the importance of cybersecurity and be made aware of how to report suspected security events.
2022 Small Business Cybersecurity Series
Did you hear about the 2022 Small Business Cybersecurity Series? The Technology Association of Oregon (TAO), Oregon Small Business Development Center, and Mount Hood Community College, are presenting virtual sessions to learn about the fundamentals of cybercrime and cybersecurity to better protect your business. F.B.I. Special Agent Phil R. Slinkard led the first session, Preparing for a Cyber Incident. These sessions will be held on the 4th Tuesday of every month, February through September 2022.
Cyber Oregon sponsor blog post of interest: Crowdstrike: 2022 Global Threat Report: A Year of Adaptability and Perseverance