An official website of the United States government
US-CERT Report Cyber Issues Subscribe
 
Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.
 
CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recognizing that many organizations find it challenging to identify resources for urgent security improvements, we’ve compiled free cybersecurity services and tools from government partners, and industry to assist. Recommended actions include:
By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. In addition, while recent cyber incidents have not been attributed to specific actors, CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.
 

Corporate leaders have an important role to play in ensuring that their organization adopts a heightened security posture. CISA urges all senior leaders, including CEOs, to take the following steps:
Empower Chief Information Security Officers (CISO): In nearly every organization, security improvements are weighed against cost and operational risks to the business. In this heightened threat environment, senior management should empower CISOs by including them in the decision-making process for risk to the company, and ensure that the entire organization understands that security investments are a top priority in the immediate term.  
Lower Reporting Thresholds: Every organization should have documented thresholds for reporting potential cyber incidents to senior management and to the U.S. government. In this heightened threat environment, these thresholds should be significantly lower than normal. Senior management should establish an expectation that any indications of malicious cyber activity, even if blocked by security controls, should be reported to [email protected]. Lowering thresholds will ensure we are able to immediately identify an issue and help protect against further attack or victims.  
Participate in a Test of Response Plans: Cyber incident response plans should include not only your security and IT teams, but also senior business leadership and Board members. If you’ve not already done, senior management should participate in a tabletop exercise to ensure familiarity with how your organization will manage a major cyber incident, to not only your company but also companies within your supply chain.  
Focus on Continuity: Recognizing finite resources, investments in security and resilience should be focused on those systems supporting critical business functions. Senior management should ensure that such systems have been identified and that continuity tests have been conducted to ensure that critical business functions can remain available subsequent to a cyber intrusion.  
Plan for the Worst: While the U.S. government does not have credible information regarding specific threats to the U.S. homeland, organizations should plan for a worst-case scenario. Senior management should ensure that exigent measures can be taken to protect your organization’s most critical assets in case of an intrusion, including disconnecting high-impact parts of the network if necessary.
 
Ransomware Response

If you have experienced a ransomware attack, CISA strongly recommends using the following checklist provided in a Joint CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) Ransomware Guide to respond. This information will take you through the response process from detection to containment and eradication. 
For more detailed information, visit the StopRansomware.gov website, and follow the steps on the I’ve Been Hit by Ransomware! page.
 
Steps You Can Take to Protect Yourself

Every individual can take simple steps to improve their cyber hygiene and protect themselves online. In fact there are 4 things you can do to keep yourself cyber safe. CISA urges everyone to practice the following: 
Joint Cybersecurity Alert: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Alert (AA22-057A) Destructive Malware Targeting Organizations in Ukraine (February 2022)
Updated: Conti Ransomware Cybersecurity Advisory
CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure (pdf) (February 2022)
CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats  (pdf) (January 2022)
Alert (AA22-011A) Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure (January 2022)
Shields Up Technical Guidance | CISA
Russia Cyber Threat Overview and Advisories
National Cyber Awareness System 
New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks
Cyber Essentials Toolkits 
Cyber Resource Hub 
CISA Cybersecurity Awareness Program Toolkit
Cyber Incident Resource Guide for Governors
COVID-19 Disinformation Toolkit
Free Public and Private Sector Cybersecurity Tools and Services
Known Exploited Vulnerabilities Catalog
MDM Rumor Control Page Start-Up Guide
War on Pineapple
Priority Telecommunications Fact Sheet (.pdf, 337.37kb)
Priority Telecommunications Eligibility Fact Sheet (.pdf, 684.49kb)
 
Was this webpage helpful?  Yes  |  Somewhat  |  No
Need CISA’s help but don’t know where to start? Contact CISA Central

source

Leave a Reply

Your email address will not be published.