Agencies Say Defence Base Targeted

Russian state-sponsored actors are targeting the defence industrial base as well as the healthcare, energy, telecommunications and government facilities sectors in the US, according to a detailed advisory notice issued by three government agencies.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) issued the joint alert on 11 January. The notice gives considerable detail about vulnerabilities previously exploited by attackers the agencies say are linked to the Russian state, but does not indicate whether it has been prompted by any particular wave of new or novel attacks.

The notice offers advice on protection against such attacks, though the suggestions are generic and will be familiar to most people with prior awareness of cybersecurity issues. Organisations are advised to immediately apply any patches available for all systems, prioritising application of patches released to address vulnerabilities known to have been exploited; deploy and use antivirus software; and to implement multi-factor authentication for users.

Although detailed, the advisory notice has been criticised for not going further. In an interview with Infosecurity Magazine, John Barnbenek, principal threat hunter at cybersecurity intelligence firm Netenrich, said: “It’s 2022. These agencies hopefully can reach directly out to organizations with more specific guidance, because public announcements aren’t helpful and there are reasons not to be too specific in them as well.”