[BreachExchange] Companies 'foolish' to not beef up cybersecurity amid Russia tensions: DOJ official

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Fri Feb 18 09:32:02 EST 2022


https://abc30.com/companies-foolish-to-not-beef-up-cybersecurity-amid-russia-tensio/11574681/

A top Justice Department official issued a stark warning Thursday to
companies in the U.S. and abroad, calling on them to immediately shore up
their cybersecurity defenses amid a potential Russian invasion of Ukraine.

"Given the very high tensions that we are experiencing, companies of any
size and of all sizes would be foolish not to be preparing right now as we
speak -- to increase their defenses, to do things like patching, to
heighten their alert systems, to be monitoring in real-time their
cybersecurity," deputy attorney general Lisa Monaco said in remarks at the
Munich Cybersecurity Conference. "They need to be as we say, 'shields up'
and to be really on the most heightened level of alert that they can be and
taking all necessary precautions."

Monaco said the threat was in no way "hypothetical," citing the devastating
NotPetya cyberattack in 2017 that started in Ukraine before spreading
globally and causing billions of dollars worth of damage.

"I think cybercriminals need to know that -- and cyber malicious actors
need to know -- that attacks on critical infrastructure are unacceptable
and will be met with response," Monaco said.

It comes as various U.S. agencies warned earlier this week of a cyberattack
happening at the same time as a potential Russian invasion of Ukraine.

On a call with state and local officials on Monday, top cybersecurity
officials from the Department of Homeland Security and FBI warned of
potential attacks on U.S. cyber infrastructure in concert with a physical
invasion of Ukraine, according to a person familiar with the call.

Last Friday, DHS explicitly warned of a Russian cyberattack and made a
veiled mention of the ongoing geopolitical climate.

"The Russian government has used cyber as a key component of their force
projection over the last decade, including previously in Ukraine in the
2015 timeframe," the Cybersecurity and Infrastructure Security Agency
(CISA) warned in an online post. "The Russian government understands that
disabling or destroying critical infrastructure -- including power and
communications -- can augment pressure on a country's government, military and
population and accelerate their acceding to Russian objectives."

Ukrainian officials believed they were already the victim of a Russian
cyber-attack earlier this year, when suspected Russian hackers defaced
Ukrainian government websites, according to officials.

Wednesday, the FBI, CISA and the National Security Agency warned
defense contractors that Russian state sponsored actors continue to
attempt and exploit their networks.

From 2020 to at least February 2022, Russian state sponsored cyber actors
have targeted U.S. cleared defense contractors, according to Wednesday's
joint release. The agencies say Russians have targeted various sectors in
the defense and intelligence world including intelligence, weapons and
missile development and software development.

The agencies warn that Russian threat actors use Microsoft 365 to first
enter the system and gain official credentials and then send malware to
compromise devices without the person knowing.

"Historically, Russian state-sponsored cyber actors have used common but
effective tactics to gain access to target networks, including spear
phishing, credential harvesting, brute force/password spray techniques, and
known vulnerability exploitation against accounts and networks with weak
security," the joint bulletin says.

"These continued intrusions have enabled the actors to acquire sensitive,
unclassified information, as well as CDC-proprietary and export-controlled
technology," the FBI, NSA and CISA said.