The US Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) today published a bulletin for senior leaders of US organizations to “immediately implement” a list of specific security steps.
The CISA Insights bulletin comes on the heels of a joint advisory it issued along with the FBI and NSA on Jan. 11 on how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups. Today’s guidance comes amid rising diplomatic tensions between the US and Russia, and Russia’s saber-rattling toward Ukraine.
CISA said US organizations of all sizes should “take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise.” Specifically, they should deploy multifactor authentication for all privileged or administrative accounts; update software and prioritize patches that fix exploited flaws CISA has identified; disable all unneeded ports and protocols; employ strong cloud controls per CISA’s guidance; and follow other security best practices.
And in a nod to the stark geopolitical threat at hand, CISA said: “If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.”
Microsoft recently detailed a destructive malware operation against multiple organizations in Ukraine aimed at leaving targeted systems inoperable.