White House Shares Checklist to Counter Russian Cyberattacks
The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future.
With the U.S. imposing strict sanctions against Russia and aiding Ukraine in the war, the White House is expecting the Kremlin to retaliate with cyberattacks against critical infrastructure and U.S. interests.
While Ukraine has been subject to many cyberattacks, there have been no known Russian state-sponsored attacks against the USA since the invasion of Ukraine.
However, yesterday, the White House and Deputy National Security Advisor Anne Neuberger began urging U.S. companies to increase their cybersecurity defenses after new intelligence indicates Russia is performing “preparatory activity” for potential cyberattacks.
“So, we’ve given a number of threat warnings over the last number of weeks that Russia could consider conducting cyberattacks in response to the very significant economic costs the U.S. and partners have put on Russia in response,” Neuberger shared in press briefing yesterday.
“This speaks to evolving threat intelligence and a potential shift in intention to do so.”
Neuberger says that this “preparatory activity” includes typical activity seen before a cyberattack, such as network scanning, vulnerability scanning, and exploring defenses for corporate networks.
Neuberger says that the U.S. government had conducted classified briefings with 100 companies last week to share sensitive threat intelligence and information, with many likely private companies operating critical infrastructure.
Critical Infrastructure in the USA is a broad range of sixteen different industries, including energy, transportation, communications, healthcare, emergency services, food and agriculture, and information technology.
White House releases cybersecurity checklist
Yesterday, the White House also released a cybersecurity checklist containing steps organizations should use to shore up their cyber defense.
“The U.S. Government will continue our efforts to provide resources and tools to the private sector, including via CISA’s Shields-Up campaign and we will do everything in our power to defend the Nation and respond to cyberattacks,” the Biden-Harris administration said in a cybersecurity fact sheet released yesterday.
“But the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.”
The list of steps that the White House says all US organizations should apply with urgency are below:
- Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
- Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
- Back up your data and ensure you have offline backups beyond the reach of malicious actors;
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
- Encrypt your data so it cannot be used if it is stolen;
- Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.
It is important to note that performing these steps will protect your network against cyberattacks of all types, not just those sponsored by Russia, including ransomware and data extortion attempts.
Threat actors commonly collect and sell stolen login credentials on dark web marketplaces that other threat actors then use to breach corporate networks.
By utilizing multi-factor authentication, an organization can prevent most attacks that use these stolen credentials.
The other typical avenue threat actors use to breach corporate network is to exploit vulnerabilities in routers, firewalls, and servers exposed to the Internet.
Due to this, it is vital for all organizations, big and small, to apply security updates for their devices as soon as they are released.
Furthermore, organizations should not expose servers to the Internet and instead put them behind a VPN to prevent threat actors from targeting them.
Increasing a network’s security posture is not easy and can be expensive. However, the alternative is likely to be far worse if you are forced to restore servers, suffer a data breach, or find that your data is encrypted.