Federal Security Agencies Warn of Potential Russian-Sponsored Cyberattacks

An article by Jeff Drew, posted on February 4, 2022, on the Journal of Accountancy website, says that the buildup of Russian troops near the border with Ukraine has raised fears of an invasion accompanied by a wave of cyberattacks targeting not just the Ukrainians but also the United States and other NATO members that have rejected Russian demands that NATO bar Ukraine from ever becoming a member.

Drew notes that, in a recently released joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the National Security Agency (NSA) strongly urged the adoption of several mitigation strategies to help protect networks from the techniques and tactics commonly used in Russian-backed cyberoperations. The document also outlines approaches organizations can use to detect cyberattacks.

Among the mitigation actions recommended in the advisory are the following:
• Patch all systems with a priority on patching known exploited vulnerabilities.
• Implement mandatory multifactor authentication for all users and establish a strong password policy.
• Use antivirus software.
• Develop internal contact lists and surge support.

Russian-backed cyberoperations have shown the ability to maintain long-term access in compromised enterprise and cloud networking environments. The cybersecurity advisory recommends steps for detecting persistent cyberbreaches:
• Implement robust log collection and retention using native tools such as M365's Sentinel and third-party tools such as Sparrow, Hawk, or CrowdStrike's Azure Reporting Tool to review Microsoft cloud environments and to detect unusual activity.
• Look for behavioral evidence or network and host-based artifacts from known Russian state-sponsored cyberattack techniques such as password spray activity and the use of compromised credentials.

For advice on what to do should you detect potential breaches, see the Journal of Accountancy article "Federal security agencies warn of potential Russian-sponsored cyberattacks."