CISA Shields Up – Cybersecurity Call to Action
This week CISA issued a Shields Up warning, that came shortly after a CISA alert and the Joint Cyber Advisory issued by the United States, United Kingdom, and Australia. With these messages, CISA fulfills its mission to lead the multi-national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. They are trying to be proactive instead of reactive.
The Shield’s Up message is a call to action to every business leader, CISO, and cybersecurity team. A CISO should act on the Shield’s Up message the same way a person listens and acts when the weatherman warns of a hurricane that may be headed to the area you live. For a hurricane, you check the windows, the pantry for food supply, buy extra water, and batteries for a working flashlight. A cybersecurity team needs to double down on their environment. Call a team meeting make sure people on the team are on high alert. Review the incident response plan and have it available. Send a message to the users in the organization to watch for any suspicious activity. Also, send a message to the executive leadership in the organization the Shield’s Up message is a call to action, and you are prepared.
According to the CISA Alert, 2021 saw considerable activity and sophistication in the ransomware sphere. According to our Global Head of Incident Response, Lee Pitman, many variants came and went. As variants ceased to operate, others came along to take their place. The BlackCat variant was first identified at the end of November 2021, and by the end of January 2022 was already the seventh-largest ransomware group. The ‘Night Sky‘ variant appeared in December and by February posted victims to their doxing site.
North America continues to be the most actively targeted region, with Europe following closely behind. Both the United States and Australia observed a trend away from larger organizations. They both noticed that there was a marked shift towards smaller mid-sized companies. The transition is thought to be a way to reduce the scrutiny from the Federal government.
Is the Triple Extortion the new Double Extortion?
The double extortion that in 2020 was rare is now becoming increasingly commonplace. Double extortion is when the threat actor not only steals the data but then also encrypts their data as a way to pressure the victim to pay the ransom. By the end of 2021, they observed triple extortion: publicly release stolen data, disrupt the victim’s access to the internet, and inform the victim’s shareholders and partners of the incident.
When I asked our response team their thoughts, the response was resounding. “There is nothing in [CISA alert] that is new or truly shocking.” Our team has been preaching this message for years. The difference now is that CISA is also taking the proactive view, trying to get the news out to circle the wagons.
Focus on What is Important
In the last six months, we have had numerous threat announcements. But in the current chaotic environment, identifying the noise signal is a skill developed through experience. A CISO should curate the threat information feed to align their urgency to action from the message. They need to protect their organization and team from alert fatigue, so when there is a critical alert such as the Shield’s UP warning from CISA, the organization takes appropriate action.
The Russia/Ukraine Effect
There is evidence that the current global situation between Russia and Ukraine will undoubtedly affect companies in NATO countries. Geopolitical-driven attacks such as NotPetya had devasting consequences that impacted every country’s organizations. BreachQuest advises our customers to take the current political tension seriously and is advising and preparing our customers.
Preparing our clients for any event or incident is what BreachQuest does. The key is to build a strong cybersecurity foundation. Our core mission is to protect our clients and PREPARE for, DEFEND against, and RESPOND to severe cybersecurity threats. Our mission is to enhance cyber resilience.