Critical national infrastructure (CNI) providers must act now to protect their IT systems from attacks during the holiday season, the US government has warned.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a new alert demanding a more proactive stance “in light of persistent and ongoing cyber-threats.”
It urged organizations to ensure they have sufficient staff to continuously monitor IT and OT systems over the holidays, and to stay informed of the latest threats by signing up to CISA mailing lists and feeds.
The agency also urged network defenders to follow industry best practices such as enforcing multi-factor authentication and strong passwords and installing software updates.
CNI firms should also test their incident response processes and cross-sector dependencies and report any incidents and “anomalous activity” immediately to CISA, it said.
“CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyber-attacks. Sophisticated threat actors, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms,” the agency warned.
“These actors have also demonstrated capability to leverage this access for targeted operations against critical infrastructure with potential to disrupt National Critical Functions.”
Threat actors often strike during holiday periods or just before, hoping to hit organizations when they are under-staffed and ill-prepared for rapid response.
The Kaseya supply chain attack on MSPs and their downstream customers occurred over the July 4 weekend in the US. There was an attack on meat processing giant JBS USA on Memorial Day weekend, while the notorious Colonial Pipeline outage began on the Mother’s Day weekend in the US.
Although the alert does not mention it, it can also be read in the context of the recently revealed Log4Shell vulnerability, which security teams are scrambling to patch. The flaw's near-ubiquity complicates those efforts: vulnerable instances may be hiding in vendor-produced and homegrown applications, and in Java dependencies that sit in blind spots across the enterprise.
Phil Muncaster UK / EMEA News Reporter, Infosecurity Magazine