In the wake of raging Log4Shell attacks, critical infrastructure businesses were advised today by the Cybersecurity and Infrastructure Security Agency (CISA) to beef up their cybersecurity defenses against existing and future attacks. The federal agency also provided recommendations to assist CEOs and senior leaders in strengthening their organizations’ resilience against risks posed by nation-state-sponsored threat actors and their proxies.
According to the cybersecurity agency, critical infrastructure owners and operators must take immediate actions to enhance their computer network defenses against potential hostile cyberattacks in the run-up to the holidays and in light of persistent and continuing cyber threats. CISA encourages all businesses, especially those dealing with critical infrastructure, to evaluate the CISA Insights and adopt a higher level of awareness.
CISA “strongly” advised critical infrastructure organizations to increase organizational vigilance, arrange for rapid response, ensure network defenders follow cybersecurity best practices, remain aware of current cybersecurity threats and nefarious techniques, and immediately report issues and anomalous activity.
While CISA did not specify what these current threats are, it is probably referring to the large-scale Log4j exploitation targeting vulnerable systems worldwide.
Multiple state-backed hackers affiliated with governments in China, North Korea, Iran, and Turkey have pounced on the opportunity to use Log4Shell exploits in their attacks, as revealed by the Microsoft Threat Intelligence Center (MSTIC) and Mandiant over the weekend. According to Microsoft, access brokers employed by ransomware-as-a-service (RaaS) operations have also joined the current assaults, implying that ransomware affiliates will soon begin delivering their payloads on networks infiltrated through Log4Shell breaches.
Bitdefender has previously discovered a ransomware operation carried out by a new threat actor known as Khonsari, which targeted its victims using a Log4Shell vulnerability. CISA has already instructed federal agencies to patch their systems before Christmas because of the severe dangers faced by organizations that use products built on the insecure Log4j library.
“Sophisticated threat actors, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms,” CISA added. “These actors have also demonstrated capability to leverage this access for targeted operations against critical infrastructure with the potential to disrupt National Critical Functions.”
In a flash notice issued two weeks ago in collaboration with CISA, the FBI reported that the Cuba ransomware group had infected the networks of at least 49 companies in critical infrastructure sectors since it began attacking US targets.