Digital Guardian's Blog

CISA, FBI Warn of Ongoing Russian Cyber Threats to Critical Infrastructure

by Chris Brook on Thursday January 13, 2022


Federal agencies are reiterating the looming threat of Russian state-sponsored cyber threats to U.S. critical infrastructure this week

New advisories issued by US and British governments this week are aiming to curb Russian state-sponsored cyber threats against critical infrastructure.

A warning on Tuesday from the Cybersecurity & Infrastructure Security Agency and Department of Homeland Security, issued alongside the National Security Agency and the Federal Bureau of Investigation, called on critical infrastructure network defenders in particular to pay special attention to Russian hacking activity during their normal day-to-day work, such as threat hunting and incident response.

In its Cybersecurity Advisory, CISA gave defenders tips for improving functional resilience; listed a slew of vulnerabilities commonly used by Russian hackers to gain initial access and pivot from; recounted previous Russian cyber intrusion campaigns and malware that have successfully targeted US entities; and described the TTPs (tactics, techniques, and procedures) commonly observed.

If you’re tasked with defending a network, you’ve no doubt heard of the CVEs that CISA is encouraging users to patch – many showed up on its Binding Operational Directive, Reducing the Significant Risk of Known Exploited Vulnerabilities, last November:

• CVE-2018-13379 FortiGate VPNs
• CVE-2019-1653 Cisco router
• CVE-2019-2725 Oracle WebLogic Server
• CVE-2019-7609 Kibana
• CVE-2019-9670 Zimbra software
• CVE-2019-10149 Exim Simple Mail Transfer Protocol
• CVE-2019-11510 Pulse Secure
• CVE-2019-19781 Citrix
• CVE-2020-0688 Microsoft Exchange
• CVE-2020-4006 VMware (note: this was a zero-day at the time)
• CVE-2020-5902 F5 Big-IP
• CVE-2020-14882 Oracle WebLogic
• CVE-2021-26855 Microsoft Exchange

Some of the previous hacking examples that CISA gives include details on dozens of government and aviation networks that Russian hackers successfully compromised from September to December 2020 along with hacks from 2011 to 2018 that granted Russian hackers access to energy networks. In both scenarios, attackers managed to not only compromise networks but steal and exfiltrate data.

The National Cyber Security Centre, part of the UK's GCHQ, echoed CISA’s recommendations on Wednesday, urging organizations there to follow advice set out in the advisory.

The NCSC also pushed critical infrastructure organizations to:

• Patch all systems and prioritize patching known exploited vulnerabilities
• Implement multi-factor authentication
• Use antivirus software
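The CVE list above and the NCSC's "prioritize patching known exploited vulnerabilities" advice both come down to one defender task: matching what a vulnerability scanner finds on your assets against the Known Exploited Vulnerabilities catalogue and fixing the overdue KEV entries first. The script below is an added example, not code from the advisory, CISA, NCSC or Digital Guardian. It assumes the KEV catalogue's JSON layout (a `vulnerabilities` array whose entries carry `cveID`, `vendorProject`, `product` and `dueDate`) and a scanner export reduced to asset/CVE pairs; the catalogue excerpt, its due dates and product strings, the asset names and the non-KEV CVE `CVE-2019-99999` are all constructed for the example.

```python
"""Triage scanner findings against a KEV-style catalogue: KEV entries first,
most overdue first, everything else afterwards.
Added example; catalogue excerpt and scan findings below are constructed."""
import json
from datetime import date

# Constructed KEV-style excerpt. The CVE IDs are the ones named in the
# advisory; the dueDate values and product strings are placeholders.
KEV_JSON = """
{
  "title": "Constructed KEV excerpt",
  "vulnerabilities": [
    {"cveID": "CVE-2018-13379", "vendorProject": "Fortinet", "product": "FortiGate VPN", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2019-1653",  "vendorProject": "Cisco", "product": "Router", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2019-2725",  "vendorProject": "Oracle", "product": "WebLogic Server", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2019-7609",  "vendorProject": "Elastic", "product": "Kibana", "dueDate": "2022-05-03"},
    {"cveID": "CVE-2019-9670",  "vendorProject": "Zimbra", "product": "Collaboration Suite", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2019-10149", "vendorProject": "Exim", "product": "Exim", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2019-11510", "vendorProject": "Pulse Secure", "product": "Pulse Connect Secure", "dueDate": "2022-01-21"},
    {"cveID": "CVE-2019-19781", "vendorProject": "Citrix", "product": "ADC / Gateway", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2020-0688",  "vendorProject": "Microsoft", "product": "Exchange Server", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2020-4006",  "vendorProject": "VMware", "product": "Workspace ONE Access", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2020-5902",  "vendorProject": "F5", "product": "BIG-IP", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2020-14882", "vendorProject": "Oracle", "product": "WebLogic Server", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2021-26855", "vendorProject": "Microsoft", "product": "Exchange Server", "dueDate": "2021-11-17"}
  ]
}
"""

# Constructed scanner export: one (asset, CVE) pair per finding.
# CVE-2019-99999 is a placeholder for a finding that is not in the catalogue.
SCAN_FINDINGS = [
    {"asset": "vpn-gw-01", "cve": "CVE-2018-13379"},
    {"asset": "mail-01", "cve": "CVE-2021-26855"},
    {"asset": "log-02", "cve": "CVE-2019-7609"},
    {"asset": "vpn-gw-02", "cve": "CVE-2019-11510"},
    {"asset": "web-03", "cve": "CVE-2019-99999"},
]

# Reference date for the worked run: the advisory's publication week.
ADVISORY_DATE = date(2022, 1, 13)


def load_kev(json_text):
    """Index a KEV-style catalogue by CVE ID for O(1) lookups."""
    catalogue = json.loads(json_text)
    return {entry["cveID"]: entry for entry in catalogue["vulnerabilities"]}


def triage(findings, kev, today):
    """Annotate each finding with KEV status and due-date pressure, then sort:
    KEV entries before non-KEV, most overdue first, then earliest due date,
    then asset name for a stable order."""
    rows = []
    for finding in findings:
        entry = kev.get(finding["cve"])
        due = date.fromisoformat(entry["dueDate"]) if entry else None
        rows.append({
            "asset": finding["asset"],
            "cve": finding["cve"],
            "in_kev": entry is not None,
            "product": entry["product"] if entry else None,
            "due_date": due,
            "days_overdue": (today - due).days if due and due < today else 0,
        })
    rows.sort(key=lambda r: (not r["in_kev"], -r["days_overdue"],
                             r["due_date"] or date.max, r["asset"]))
    return rows


def triage_sample():
    """Run the triage over the constructed inputs (used by the demo below)."""
    return triage(SCAN_FINDINGS, load_kev(KEV_JSON), ADVISORY_DATE)


if __name__ == "__main__":
    for row in triage_sample():
        status = ("KEV, %d days overdue" % row["days_overdue"] if row["days_overdue"]
                  else "KEV, due %s" % row["due_date"] if row["in_kev"] else "not in KEV")
        print("%-10s %-15s %s" % (row["asset"], row["cve"], status))
```

The output puts the two findings that are already past their remediation deadline at the top, the Pulse Secure gateway (due within the week) next, Kibana after that, and the non-KEV finding last. Swapping the constructed `KEV_JSON` for the real catalogue download and `SCAN_FINDINGS` for a scanner export is all that is needed to turn this into a daily patch-priority report.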

The warnings come amid pressure as Russia tries to prevent Ukraine from joining NATO. Following two diplomatic talks this week, the country has still not fully committed to de-escalating its presence on the Ukrainian border. Last month, per US intelligence, Russia was planning a military offensive against Ukraine, something that could involve 175,000 troops.

In what could be a logical progression, the United States is hinting that the heightened drama could soon translate to tension online and urging those who oversee critical infrastructure to be ready.

As Chris Krebs, the former director of CISA tweeted yesterday: “…here’s how I read this: ‘State and NSC are in Geneva right now trying to keep the Russians out of Ukraine, but in case that doesn’t work, you might want to prepare for badness and here’s how Russian cyber operators do business…’”


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.