Russian state-sponsored cyber activity
On Tuesday, March 15, 2022 the Cybersecurity and Infrastructure Security Agency (CISA) requested that its critical infrastructure partners, which include AWWA, pass along the following advisory:
“Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default multifactor authentication (MFA) protocols and a known vulnerability.
“As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO) allowing them to enroll a new device for MFA and access the victim network. The actors then exploited a known Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527) to run arbitrary code and access the victim’s Google cloud and email accounts for document exfiltration.
“One of the most important security practices to reduce the risk of intrusions remains MFA and every organization should implement it for all users. MFA should be implemented according to best practices, such as reviewing default configurations and modifying as necessary, to reduce the likelihood that a sophisticated adversary can circumvent this control, as described in this CISA and FBI joint advisory.
“Now, more than ever, organizations must put their Shields Up to protect against cyber intrusions. Actions that executives and leaders can implement to help protect against this Russian state-sponsored malicious cyber activity include enforcing MFA and then reviewing configuration policies; ensuring inactive accounts are disabled uniformly across the active directory and MFA systems; and patching all systems, especially prioritizing known exploited vulnerabilities.
“CISA and FBI encourage all organizations to be cognizant of this threat and apply the recommended mitigations in this advisory. In addition, we encourage all organizations to review our Shields Up webpage to find recommended guidance and actions for all organizations, corporate leaders and CEOs, steps to protect yourself and your family, and a technical webpage with guidance from CISA and Joint Cyber Defense Collaborative (JCDC) industry partners.”
AWWA has developed Cybersecurty Guidance and an Assessment Tool to support utility assessment of potential cyber vulnerabilities. These resources aid a utility in examining cybersecurity controls that are tailored to the users’ operational conditions and implementation status to inform cybersecurity risk management actions.
Questions from AWWA members can be directed to Kevin Morley, AWWA’s federal relations manager.
Contact: David E. Brown, firstname.lastname@example.org Utility: City of Yakima