The United States’ Cybersecurity and Infrastructure Security Agency (CISA) is urging every organization in the US to implement cybersecurity measures.
Insights issued Tuesday by the cyber defense agency warned that cyber-threats could disrupt essential services and potentially impact public safety.
“Over the past year, cyber-incidents have impacted many companies, non-profits and other organizations, large and small, across multiple sectors of the economy,” said CISA.
“Most recently, public and private entities in Ukraine have suffered a series of malicious cyber-incidents, including website defacement and private-sector reports of potentially destructive malware on their systems that could result in severe harm to critical functions.”
The agency emphasized that past deployments of similar malware, such as NotPetya and WannaCry ransomware, had caused significant, widespread damage to critical infrastructure.
Organizations of all sizes were urged by CISA to “take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise.”
Actions advised by the agency include ensuring that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication and ensuring that software is up to date.
Organizations should also confirm that all ports and protocols not essential for business purposes have been disabled and test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyber-attack.
For US organizations working with other organizations in Ukraine, particular caution was urged.
CISA said: “If working with Ukrainian organizations, take extra care to monitor, inspect and isolate traffic from those organizations; closely review access controls for that traffic.”
Tom Kellermann, head of cybersecurity strategy at VMware, said that the importance of patching software with known exploited vulnerabilities could not be understated to reduce the risk of ransomware.
“We must remember that modern ransomware leaves a RAT behind and secondary infections will metastasize,” warned Kellerman.
Kellerman believes that cyber-criminals will increasingly deploy ransomware for reasons other than financial gain.
“Ransomware attacks that aim to cripple systems, rather than receive payment, will increase due to geopolitical tension,” he predicted.
