AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
date: March 24, 2022
Summary
Actions to Take Today to Protect Energy Sector Networks:
• Implement and ensure robust network segmentation between IT and ICS networks.
• Enforce MFA to authenticate to a system.
• Manage the creation of, modification of, use of—and permissions associated with—privileged accounts.
AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers
date: March 17, 2022
Summary
Actions to Take Today:
• Use secure methods for authentication.
• Enforce principle of least privilege.
• Review trust relationships.
• Implement encryption.
• Ensure robust patching and system configuration audits.
• Monitor logs for suspicious activity.
• Ensure incident response, resilience, and continuity of operations plans are in place.
AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
date: March 15, 2022
Summary
Multifactor Authentication (MFA): A Cybersecurity Essential
• MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised.
• Every organization should enforce MFA for all employees and customers, and every user should sign up for MFA when available.
• Organizations that implement MFA should review default configurations and modify as necessary, to reduce the likelihood that a sophisticated adversary can circumvent this control.
AA22-057A: Destructive Malware Targeting Organizations in Ukraine
date: February 26, 2022 | Last revised: March 1, 2022
Summary
Actions to Take Today:
• Set antivirus and antimalware programs to conduct regular scans.
• Enable strong spam filters to prevent phishing emails from reaching end users.
• Filter network traffic.
• Update software.
• Require multifactor authentication.
AA22-055A: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
date: February 24, 2022
Summary
Actions to Take Today to Protect Against Malicious Activity
• Search for indicators of compromise.
• Use antivirus software.
• Patch all systems.
• Prioritize patching known exploited vulnerabilities.
• Train users to recognize and report phishing attempts.
• Use multi-factor authentication.
AA22-047A: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
date: February 16, 2022
Summary
Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity:
• Enforce multifactor authentication.
• Enforce strong, unique passwords.
• Enable M365 Unified Audit Logs.
• Implement endpoint detection and response tools.
AA22-040A: 2021 Trends Show Increased Globalized Threat of Ransomware
date: February 9, 2022 | Last revised: February 10, 2022
Summary
Immediate Actions You Can Take Now to Protect Against Ransomware:
• Update your operating system and software.
• Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments.
• If you use Remote Desktop Protocol (RDP), secure and monitor it.
• Make an offline backup of your data.
• Use multifactor authentication (MFA).
AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
date: January 11, 2022 | Last revised: March 1, 2022
Summary
Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture:
• Patch all systems. Prioritize patching known exploited vulnerabilities.
• Implement multi-factor authentication.
• Use antivirus software.
• Develop internal contact lists and surge support.
AA21-356A: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
date: December 22, 2021 | Last revised: December 23, 2021
Summary
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) are releasing this joint Cybersecurity Advisory (CSA) to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.
AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
date: May 28, 2021
Summary
This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the…