The Russian government issued a warning to organizations and companies in Russia regarding possible cyberattacks by the US as retaliation for the recent SolarWinds data breach.
Just December 2020, SolarWinds had disclosed they suffered a sophisticated attack that led to a data breach affecting 18,000 clients and customers worldwide.
Based on the reports and analysis of cybersecurity researchers and the US government, the attack was carried out by a government-backed hacking group based in Russia. The aim is to steal cloud data like emails, files and repositories from high profile US organizations, corporations and government agencies. White House press secretary, Jen Psaki had indicated that the US might retaliate in the same manner to whoever conducted the cyberattacks.
Meanwhile, the Russian government continued to deny the allegations and their involvement with the attacks and their warning to Russian companies and organizations to strengthen their network and infrastructure security.
Russia’s National Coordination Center for Computer Incidents, NKTsKI is a member of the Federal Security Service of the Russian Federation, FSB RF which was formed and tasked to prevent, detect and counter incoming cyberattacks targeting their country’s businesses, network and infrastructure. They issued recommendations and alerts to take the following measures in improving the security of their data and resources.
- Update your business’ information technology plans, instructions, guidelines when it comes to responding to incidents
- Educate staffs and employees on possible phishing via social engineering
- Perform audits on-network data security and anti-virus systems, ensure they are correctly set up, and all network security nodes are functioning as intended
- Steer away from using third-party DNS servers
- Activate multi-factor authentication whenever remote access is required to access the organization’s network resource
- Audit the trusted software list
- Ensure to enable logging of systems and network events on critical elements of infrastructure, organize the collection and the centralized storage
- Ensure the correct frequency of backing up data on essential elements of infrastructure
- Audit the existing policies and access rights of devices on the network
- Restrict access to services within the internal network by using firewalls and use demilitarized zone when sharing is needed
- Update passwords of all users and a firm password policy
- Enable anti-virus protection for the incoming and outgoing email
- Increase vigilance of system security monitoring
- Ensure the patches and the necessary security updates of the software
After a month, the US and other affected organizations are still performing investigation and analysis of the SolarWinds’ cyberattack.