The Department of Homeland Security reportedly sent out a bulletin Sunday to critical infrastructure operators and local government officials warning of the potential for cyberattacks launched by the Russian government in response to any US involvement in a potential war in Ukraine. This dovetails with the cyberattack on the Canadian government that I reported on earlier today.
Saryu Nayyar, CEO and Founder, Gurucul had this comment:
“It is not surprising that the cyberattacks on the Ukraine were not going to be isolated to them based on the US involvement in Russia’s aggressive military actions. As the CISA points out with attacks such as WhisperGate, ‘identifying and quickly assessing any unexpected or unusual network behavior’ includes activity such as privileged access violations. Cisco Talos reports that system access was most likely based on stolen credentials. Organizations in the US must go beyond traditional XDR and SIEM solutions and incorporate identity and access analytics with user and entity behavior analytics to pick out unusual network activity, lateral movement and unusual access to applications. This activity must be escalated quickly and with confidence to security teams in light of forthcoming attacks. Stolen credentials can be identified based on abnormal usage by threat actors, especially as most other detection techniques cannot discern this being an immediate threat.”
Clearly things are escalating when it comes to Ukraine. Which means that the time to act in terms of staying safe is now. Thus if you’re a company with exposure in that part of the world, and even if you’re not, you’ve got some work to do and quickly.
Like this:
Like Loading...
Related
This entry was posted on January 25, 2022 at 1:33 pm and is filed under Commentary with tags DHS, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
DHS Warns Of Ukraine Related Cyberattacks
The Department of Homeland Security reportedly sent out a bulletin Sunday to critical infrastructure operators and local government officials warning of the potential for cyberattacks launched by the Russian government in response to any US involvement in a potential war in Ukraine. This dovetails with the cyberattack on the Canadian government that I reported on earlier today.
Saryu Nayyar, CEO and Founder, Gurucul had this comment:
“It is not surprising that the cyberattacks on the Ukraine were not going to be isolated to them based on the US involvement in Russia’s aggressive military actions. As the CISA points out with attacks such as WhisperGate, ‘identifying and quickly assessing any unexpected or unusual network behavior’ includes activity such as privileged access violations. Cisco Talos reports that system access was most likely based on stolen credentials. Organizations in the US must go beyond traditional XDR and SIEM solutions and incorporate identity and access analytics with user and entity behavior analytics to pick out unusual network activity, lateral movement and unusual access to applications. This activity must be escalated quickly and with confidence to security teams in light of forthcoming attacks. Stolen credentials can be identified based on abnormal usage by threat actors, especially as most other detection techniques cannot discern this being an immediate threat.”
Clearly things are escalating when it comes to Ukraine. Which means that the time to act in terms of staying safe is now. Thus if you’re a company with exposure in that part of the world, and even if you’re not, you’ve got some work to do and quickly.
Share this:
Like this:
Related
This entry was posted on January 25, 2022 at 1:33 pm and is filed under Commentary with tags DHS, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.