The FBI, CISA and the NSA have warned those in charge of the United States’ critical infrastructure network to prepare themselves against cyber-attacks originating in Russia.
In a joint advisory issued January 11, the three agencies provided an overview of Russian state-sponsored cyber-operations; commonly observed tactics, techniques and procedures (TTPs); detection actions; incident response guidance; and mitigations.
The agencies shared attack vectors that have been favored by Russian-based cyber-criminals in the past and urged the cybersecurity community to “adopt a heightened state of awareness and to conduct proactive threat hunting.”
Tactics cited in the advisory include spear phishing, brute force, exploiting known vulnerabilities, compromising third-party software and developing and deploying custom malware.
“Russian state-sponsored APT actors have used sophisticated cyber-capabilities to target a variety of US and international critical infrastructure organizations, including those in the Defense Industrial Base as well as the Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors,” the joint advisory reads.
The warning came as no surprise to Vectra CTO and technical director Tim Wade.
He told Infosecurity Magazine: “I can’t recall a time in my life when Russia wasn’t aggressively probing Western resolve, ranging from tactical incursions into air space to pulling strategic economic levers.
“This activity is just a continuation of that longstanding tradition, and I read this advisory as another periodic reminder of the background radiation of global politics – if you’re operating critical infrastructure and are under the impression that you aren’t squarely in an operator’s crosshairs, you’re wrong.”
John Bambenek, principal threat hunter at Netenrich, was similarly insouciant about the latest cybersecurity alert to be issued by the Biden administration.
“Advisories like this do little to help defenders actually protect themselves,” he said. “I read this and don’t have any more insight into detecting and preventing these attacks than before.”
Bambenek called for the NSA, FBI and CISA to take a different and more direct approach to help America’s critical infrastructure defend against cyber-threats.
“It’s 2022,” he said. “These agencies hopefully can reach directly out to organizations with more-specific guidance because public announcements aren’t helpful, and there are reasons not to be too specific in them as well.