Three top federal intelligence agencies on Tuesday issued a joint advisory to help protect against, identify and mitigate Russian cyber attacks.
The overview, published by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the National Security Agency, aims to offer those operating critical infrastructure tips to “improve their functional resilience by reducing the risk of compromise or severe business degradation.”
It comes after the United States saw a series of devastating cyber attacks in the last several years, many of which have been linked to Russian-sponsored sources.
The agencies’ advice to cybersecurity companies is threefold: prepare in advance for a possible breach, enhance existing security procedures and increase organizational vigilance.
Russian hackers tend to use “common but effective tactics,” the agencies added, meaning it is possible to predict when and where a breach might occur. Those techniques include spearphishing, brute force entries and exploiting known vulnerabilities.
Since Russian-backed actors also tend to perform longer-term cyber operations, CISA, the NSA and the FBI are advising companies to implement “robust” logging and retention policies in order to pinpoint a potential threat actor.
Companies are also encouraged to conduct phishing exercises to remind employees not to click on suspicious links, as well as implement two-factor authentication and consistent monitoring of any remote networks.
The advisory comes after a wave of high-profile ransomware attacks and cyber espionage campaigns in the last year that have compromised sensitive government records and shut down operations at energy companies, hospitals, schools and others.
The explosion in the last year of ransomware, in which cyber criminals encrypt an organization’s data and then demand payment to unscramble it, has underscored how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk.
One of the cyber incidents with the greatest consequences this year was a ransomware attack in May on the company that owns the nation’s largest fuel pipeline, which led to gas shortages along the East Coast. A few weeks later, a ransomware attack on the world’s largest meat processing company disrupted production around the world.
The criminal syndicates that dominate the ransomware business are mostly Russian-speaking and operate with near impunity out of Russia or countries allied with Russia. The U.S. government has also blamed Russian spies for a major breach of U.S. government agencies known as the SolarWinds hack, so named for the U.S. software company whose product was used in the hacking.
Both Russia and China have denied any wrongdoing.