CISA Shields Up – Cybersecurity Call to Action

02.18.22
By: BreachQuest

This week CISA issued a Shields Up warning, which came shortly after a CISA alert and the Joint Cyber Advisory issued by the United States, United Kingdom, and Australia. With these messages, CISA fulfills its mission to lead the multi-national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. They are trying to be proactive instead of reactive.

Shields Up

The Shields Up message is a call to action to every business leader, CISO, and cybersecurity team. A CISO should act on the Shields Up message the same way a person listens and acts when the weatherman warns of a hurricane that may be headed to the area where they live. For a hurricane, you check the windows and the pantry for food supply, and buy extra water and batteries for a working flashlight. A cybersecurity team needs to double down on their environment. Call a team meeting and make sure people on the team are on high alert. Review the incident response plan and have it available. Send a message to the users in the organization to watch for any suspicious activity. Also, send a message to the executive leadership in the organization that the Shields Up message is a call to action and that you are prepared.

Ransomware Warning

According to the CISA Alert, 2021 saw considerable activity and sophistication in the ransomware sphere. According to our Global Head of Incident Response, Lee Pitman, many variants came and went. As variants ceased to operate, others came along to take their place. The BlackCat variant was first identified at the end of November 2021, and by the end of January 2022 was already the seventh-largest ransomware group. The 'Night Sky' variant appeared in December and by February had posted victims to its doxing site.

North America continues to be the most actively targeted region, with Europe following closely behind. Both the United States and Australia observed a trend away from larger organizations, with a marked shift towards smaller mid-sized companies. The transition is thought to be a way to reduce scrutiny from the federal government.

Is Triple Extortion the New Double Extortion?

Double extortion, which was rare in 2020, is now becoming increasingly commonplace. Double extortion is when the threat actor not only steals the data but also encrypts the victim's data as a way to pressure the victim to pay the ransom. By the end of 2021, they observed triple extortion: publicly releasing stolen data, disrupting the victim's access to the internet, and informing the victim's shareholders and partners of the incident.

When I asked our response team their thoughts, the response was resounding: “There is nothing in [CISA alert] that is new or truly shocking.” Our team has been preaching this message for years. The difference now is that CISA is also taking the proactive view, trying to get the news out to circle the wagons.

Focus on What is Important

In the last six months, we have had numerous threat announcements. But in the current chaotic environment, separating the signal from the noise is a skill developed through experience. A CISO should curate the threat information feed so that the urgency of the organization's action matches the message. They need to protect their organization and team from alert fatigue, so that when there is a critical alert such as the Shields Up warning from CISA, the organization takes appropriate action.

The Russia/Ukraine Effect

There is evidence that the current global situation between Russia and Ukraine will undoubtedly affect companies in NATO countries. Geopolitically driven attacks such as NotPetya had devastating consequences that impacted organizations in every country. BreachQuest advises its customers to take the current political tension seriously and is helping them prepare.

Be Prepared

Preparing our clients for any event or incident is what BreachQuest does. The key is to build a strong cybersecurity foundation. Our core mission is to protect our clients and PREPARE for, DEFEND against, and RESPOND to severe cybersecurity threats. Our mission is to enhance cyber resilience.
