CISA Cybersecurity Measures for Russian APTs

With the war drums beating louder and louder every day and Russia moving troops and equipment around Ukraine, a broader dis-information campaign and cyber attacks against Ukraine started weeks ago. These attacks have gradually picked up pace, including the defacement of Ukrainian government websites last week.

In response to the increasing tensions and signs pointing to inevitable attacks on US organizations and critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) released a checklist to help organizations mitigate, detect, and respond to cybersecurity threats and attacks. That checklist can be found here:

Earlier this year we wrote a blog post titled New Year, Still the Same Issues, where we laid out 10 things that you should start working on right now to make 2022 a better year. Here’s our list again which echoes and expands upon the guidance from the CISA:

  1. MFA for everything that is accessible from the outside at a minimum
  2. Its 2022, drop NTLM v1 for goodness sake
  3. Stop leaving RDP open to the world (with or without MFA)
  4. Harden your AD Infrastructure
  5. Collect logs from all systems (We can help with that)
  6. Review logs on an ongoing basis closely. (We can help with that, too)
  7. Threat hunt in your logs (You guessed it – We can help with that!)
  8. Review your perimeter/Firewall settings
  9. Review account permissions across all systems, and users. Remember to use Least Privilege (Microsoft has been saying this since 2005)
  10. Immutable Backups of everything

Along with CISA’s announcement, we believe a strong defense, consisting of 24×7 monitoring and threat hunting are crucial to ensure your organization is Semper Paratus (Always Ready) for whatever may come its way. If you’re ready to take the next step in keeping your organization and brand protected, contact us and let’s chat!