Now more than ever you must be diligent about cyber attacks. U.S. officials are warning that Russian hackers could be preparing cyberattacks on critical U.S. infrastructure. The Cybersecurity & Infrastructure Security Agency warned:
Recently observed foreign influence operations abroad demonstrate that foreign governments and actors can quickly employ sophisticated influence techniques to target American audiences with the goal of disrupting U.S. critical infrastructure and undermining U.S. interests. This CISA Insight is intended to raise awareness amongst critical infrastructure owners and operators on the risks of such influence operations. The document also outlines steps organizations can take to mitigate the effects of MDM, such as ensuring swift coordination in information sharing and communicating accurate and trusted information to bolster resilience.
“We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” said CISA Director Jen Easterly. “We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.”
CISA encourages all critical infrastructure owners to identify vulnerabilities, educate staff on proper cyber hygiene, and implement an MDM incident response plan:
- Designate an individual to oversee the MDM incident response process and associated crisis communications.
- Establish roles and responsibilities for MDM response, including but responding to media inquiries, issuing public statements, communicating with your staff, and engaging your stakeholder network.
- Ensure your communication systems are set up to handle incoming questions. Phones, social media accounts, and centralized inboxes should be monitored by multiple people on a rotating schedule to avoid burnout.
- Identify and train staff on reporting procedures to social media companies, government, and/or law enforcement.
- Consider your internal coordination channels and processes for identifying incidents, delineating information sharing and response. Foreign actors can combine influence operations with cyber activities, requiring additional coordination to facilitate a whole-of-organization response.
In Ukraine, where Russian cyberattacks preceded the actual invasion of the country, officials told the BBC that the attacks were “on a completely different level,” from those seen before. The most recent attacks hitting Ukraine rely on what is known as a “wiper” technique, wherein information is deleted from victim computers. BBC reports:
Ukraine has been hit by more cyber-attacks, which its government says are “on a completely different level”.
Earlier on Wednesday, the websites of several Ukrainian banks and government departments became inaccessible.
At the same time a new “wiper” attack, which destroys data on infected machines, was discovered being used against Ukrainian organisations.
The incident represents the third wave of attacks against Ukraine this year, and the most sophisticated to date.
The latest attack began on Wednesday afternoon when internet connectivity company NetBlocks tweeted about the outages, saying “the incident appears consistent with recent DDoS attacks”.
Distributed denial of service (DDoS) attacks are designed to knock a website offline by flooding it with huge amounts of requests until it crashes.
The BBC continues:
On Wednesday night, cyber-security experts at ESET and Symantec then said they had recorded a second form of attack on computer systems using a sophisticated “wiper” malware.
“ESET researchers have announced the discovery of a new data wiper malware used in Ukraine, which they have named HermeticWiper,” a spokesman said.
“ESET telemetry shows that the malware was installed on hundreds of machines in the country.”
The team says the malicious software showed a timestamp of creation for 28 December 2021, implying that the attack may have been planned since then.
Action Line: Whether you own a business, or simply use the internet, you must be vigilant about your cybersecurity. Work with a professional to ensure you’re getting the best defense you can. Be skeptical about links and attachments you receive via unsolicited emails. If you feel like you’re getting lax on your personal financial security preparedness, I can help. Click here to subscribe to my free monthly Survive & Thrive letter, where I push you to achieve your personal and financial security goals. I’ll help you beat the smothering effects of inertia, and achieve a better life for you and your family today.
E.J. Smith - Your Survival Guy
Latest posts by E.J. Smith - Your Survival Guy (see all)
- A Gold Standard Would Provide Discipline to Government - September 17, 2024
- 401(k) Blindspot for Rollover IRA Investors - September 17, 2024
- Why the Fed Needs Rates Lowered - September 17, 2024
- Don’t Invite Problems into Your Portfolio - September 16, 2024
- The Stock Market Woodchipper - September 16, 2024