CISA Best Practices in Defending Against Advanced Persistent Threats

Posted March 15, 2022

With escalating tensions in Europe, American businesses are on heightened alert for cyber-attacks against financial institutions and energy infrastructure. The reality of the threat has caused the Cybersecurity and Infrastructure Security Agency (CISA) to consolidate the latest advisories, intelligence, and information in a separate Russia Cyber Threat Overview and Advisories section on their site.

Attacks targeting critical infrastructure are not new. In December of 2015, state-backed Russian hackers executed an attack on Ukraine’s power grid that left 230,000 customers in the dark during the depths of winter. And as recently as May of 2021, Russian cybercriminals attacked U.S. infrastructure causing Colonial Pipeline to shut down 5,550 miles of critical pipeline. Just last month hackers attacked 21 U.S. natural gas producers including Chevron Corp., Cheniere Energy Inc., and Kinder Morgan Inc., according to research shared with Bloomberg News.

As Dmitri Alperovitch, the co-founder of CrowdStrike recently stated on CNBC,

“The colonial pipeline is going to be like child’s play if the Russians truly unleash all their capability,”

Last month, a joint advisory by the FBI, National Security Agency (NSA), and the (CISA) warned of “regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors.” The report warns actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources affecting the following areas.

Command, control, communications, and combat systems;
Intelligence, surveillance, reconnaissance, and targeting;
Weapons and missile development;
Vehicle and aircraft design; and
Software development, data analytics, computers, and logistics.

Tactics used to gain access to the networks include spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security. The actors take advantage of simple passwords, unpatched systems, and unsuspecting employees to gain initial access before moving laterally through the network to establish persistence and exfiltrate data.

What is further alarming about the advisory is that actors have maintained persistent access to multiple networks, in some cases for at least six months. These advanced persistent threats (APT) pose a real threat to all businesses.

Through a collaborative research effort by the cybersecurity authorities of Australia, Canada, New Zealand, the United Kingdom, and the United States, CISA highlights technical approaches to uncovering malicious activity from APTs and mitigation steps according to best practices.

The CISA also warns of common missteps should a breach be discovered which can lead to:

1. Modifying volatile data that could give a sense of what has been done; and

2. Tipping the threat actor that the victim organization is aware of the compromise and forcing the actor to either hide their tracks or take more damaging actions (like detonating ransomware).

The cyber threats today are real for businesses of all sizes. APTs can evade the most advanced automated security techniques and protection requires the use of advanced threat hunting. Protocols must be established to find suspicious activity, report the incident, and take proper steps to remediate. If you are unsure of your current state of security, contact us. We are here to help.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.