Lucene search

K
thnThe Hacker NewsTHN:3E9680853FA3A677106A8ED8B7AACBE6
HistoryJan 12, 2022 - 9:14 a.m.

FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

2022-01-1209:14:00
The Hacker News
thehackernews.com
319

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Critical Infrastructure

Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors.

To that end, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) have laid bare the tactics, techniques, and procedures (TTPs) adopted by the adversaries, including spear-phishing, brute-force, and exploiting known vulnerabilities to gain initial access to target networks.

The list of flaws exploited by Russian hacking groups to gain an initial foothold, which the agencies said are “common but effective,” are below —

“Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware,” the agencies said.

“The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments — including cloud environments — by using legitimate credentials.”

Russian APT groups have been historically observed setting their sights on operational technology (OT) and industrial control systems (ICS) with the goal of deploying destructive malware, chief among them being the intrusion campaigns against Ukraine and the U.S. energy sector as well as attacks exploiting trojanized SolarWinds Orion updates to breach the networks of U.S. government agencies.

To increase cyber resilience against this threat, the agencies recommend mandating multi-factor authentication for all users, looking out for signs of abnormal activity implying lateral movement, enforcing network segmentation, and keeping operating systems, applications, and firmware up to date.

“Consider using a centralized patch management system,” the advisory reads. “For OT networks, use a risk-based assessment strategy to determine the OT network assets and zones that should participate in the patch management program.”

Other recommended best practices are as follows —

  • Implement robust log collection and retention
  • Require accounts to have strong passwords
  • Enable strong spam filters to prevent phishing emails from reaching end-users
  • Implement rigorous configuration management programs
  • Disable all unnecessary ports and protocols
  • Ensure OT hardware is in read-only mode

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for THN:3E9680853FA3A677106A8ED8B7AACBE6