Canada and Five Eyes allies issue another plea to critical infrastructure firms to prepare for Russian cyber attacks

Share post:

Canada and its allies in the Five Eyes intelligence co-operative have issued another warning to organizations in the critical infrastructure sectors to be prepared for cyberattacks from Russia as a response to governments helping Ukraine. Similar to a warning issued in March, it says “evolving intelligence” indicates that the Russian government is exploring options for potential cyberattacks. Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations. The advisory — co-authored by U.S., Australian, Canadian, New Zealand, and U.K. cyber authorities with contributions from industry members of the Joint Cyber Defense Collaborative (JCDC)— provides an overview of Russian state-sponsored advanced persistent threat (APT) groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats. The agencies urge critical infrastructure network defenders to prepare for and mitigate potential cyber threats — including destructive malware, ransomware, DDoS attacks, and cyber espionage — by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity. They provide a mitigations section of the advisory with recommended hardening actions. The critical infrastructure sector includes financial institutions, energy providers, telecom providers, the healthcare sector, transportation companies, food growers and distributors, manufacturers and governments. They are urged to
  • create, maintain, and exercise a cyber incident response and continuity of operations plan including a ransomware-specific annex;
  • maintain offline (i.e., physically disconnected) backups of data. “Backup procedures should be conducted on a frequent, regular basis,” says the alert. “Regularly test backup procedures and ensure that backups are isolated from network connections that could enable the spread of malware”;
  • ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure.
  • OT (operational technology) assets and networks — such as internet-connected industrial control systems — should have a resilience plan that addresses how to operate if organizations lose access to—or control of—the IT and/or OT environment.
There’s also a link to this version of the alert from the U.S. Cybersecurity and Infrastructure Security Agency with more detailed recommended mitigations for a cyber attack from any threat group, which is a great resource for IT professionals. The lengthy warning also outlines the tactics of many Russian government and Russian-aligned criminal hacking groups. The post Canada and Five Eyes allies issue another plea to critical infrastructure firms to prepare for Russian cyber attacks first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

LinkedIn introduces verification for recruiters to combat scams

LinkedIn announced today the launch of a new verification process for job recruiters, a move aimed at curtailing...

Cyber Security Today, Week in Review for week ending Friday, April 5, 2024

This episode features a discussion on a highly critical report on the hacking of Microsoft Exchange Online email accounts, a case study of a ransomware attack and the discovery of a years-long infiltration of an open source group to insert a backdoor

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways