CISA on Russia, Ukraine and Ransomware

According to the U.S. Cybersecurity and Infrastructure Security Agency (“CISA“), the potential hostilities between Russia and Ukraine are likely to spill over into cyber warfare.  In this month’s CISA Insights:

Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy.  Most recently, public and private entities in Ukraine have suffered a series of malicious cyber incidents, including website defacement and private sector reports of potentially destructive malware on their systems that could result in severe harm to critical functions. The identification of destructive malware is particularly alarming given that similar malware has been deployed in the past—e.g., NotPetya and WannaCry ransomware—to cause significant, widespread damage to critical infrastructure.

To reduce the likelihood of a damaging cyber intrusion, CISA recommends that companies:

  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.

Leave a Reply

Your email address will not be published.