CISA Insights Urges US Organizations To Defend Against Data-Wiping Malware

CISA Insights has posted a new bulletin urging US organizations to defend against potential critical threats, similar to the malicious attacks Ukraine is currently battling. CISA is warning and encouraging organizations to strengthen cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses. 

Saryu Nayyar, CEO and Founder of Gurucul, had this comment:

“The CISA’s guidance has several detailed measures that should be followed by every organization. One area of particular note is ‘identifying and quickly assessing any unexpected or unusual network behavior’. This is especially relevant when it comes to unusual communications, but also privileged access violations. In fact, another piece of guidance states: ‘take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic’. It is critical to monitor for and determine if access violations are taking place, but with stolen credentials commonly being used by attackers appearing valid to most detection solutions, this is really where behavioral analytics can determine if the access is indeed legitimate, suspicious or malicious and help security teams investigate further or rapidly respond.”

Clearly there’s a threat out there that the CISA is worried about, and given the which means that US organizations should take this seriously.

UPDATE: Antonio Martinelli, Director of Cyber Training at GRIMM, had this additional commentary:

Attack surface reduction is a critical aspect of any Information Security program, yet something companies have consistently been struggling with since the Internet became ubiquitous. We’re seeing it’s easier now more than ever for employees to spin up new cloud resources and enroll in SaaS services without proper channels being involved, leading to companies being hit by attacks in these ever-expanding blind spots. A cyclical process of active asset inventory identification and subsequent attack surface assessment & reduction is mandatory in this day and age of Shadow IT complacency.
