CISA issues ‘Shields Up’ alert warning of potential Russian hacking attempts

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a ‘Shields Up’ alert that notifies every organization in the country of potential risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. The warning nudges organizations to strengthen their cybersecurity posture, in addition to remaining on high alert for potential Russian cyberattacks.

The alert comes in the wake of increasing geopolitical tensions brought about by Russia’s potential invasion of Ukraine.

“Notably, the Russian government has used cyber as a key component of their force projection over the last decade, including previously in Ukraine in the 2015 timeframe,” the CISA wrote in its Shields Up advisory. “The Russian government understands that disabling or destroying critical infrastructure — including power and communications — can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” it added.

While there are not currently any specific credible threats to the U.S. homeland, “we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” the security agency added. 

“Based on this situation, CISA has been working closely with our critical infrastructure partners over the past several months to ensure awareness of potential threats—part of a paradigm shift from being reactive to being proactive,” it added. The agency has been working with critical infrastructure organizations to increase awareness of potential threats, in order to make sure that their most critical assets are secured in the event of any cyberattack.

“​​While there are no specific credible threats to the US homeland at this time, we are mindful of the potential for Russia to consider escalating its destabilizing actions in ways that may affect our critical infrastructure, to include cascading impacts as we saw w/NotPetya,” Jen Easterly, CISA director, wrote in a Twitter message on Saturday. 

In its Shields Up advisory, CISA calls upon all organizations, irrespective of their size to adopt a heightened posture when it comes to cybersecurity and focus on protecting their most critical assets. 

Organizations have been provided with a host of measures that will help reduce the likelihood of a damaging cyber intrusion, including validating remote access to the organization’s network and privileged or administrative access to require multi-factor authentication, in addition to ensuring that software is updated and prioritizing updates that address known exploited vulnerabilities identified by CISA. Enterprises must also take steps to detect a potential intrusion, ensure that the organization is prepared to respond if an intrusion occurs, and maximize the organization’s resilience to a destructive cyber incident. 

The Department of Homeland Security (DHS) had in January issued a memo to critical infrastructure operators and local governments, warning of potential cyberattacks launched by the Russian government. 

Last week, the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) issued a cybersecurity advisory providing technical details and indicators of compromise concerning BlackByte ransomware. Ahead of the FBI-USSS alert, a transnational joint cybersecurity advisory (CSA) was issued outlining the growing international threat posed by ransomware trends observed over the past year. The FBI also observed that several ransomware groups have developed code designed to stop critical infrastructure or industrial processes.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.