In This Threat Report
Last December, the security industry was stunned by the magnitude and sophistication of the SolarWinds breach. Today, efforts are still underway to assess the impact of the more than seven-month-old cyberespionage campaign. In January, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) issued a joint statement announcing their plan to coordinate the investigation and remediation of the SolarWinds attack, which they cited as a significant cyber incident involving federal government networks. While the agencies work to understand the full scope of the incident, their current investigative and mitigation efforts conclude: "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks."

3 Best Practices for Countering APTs
1. Leverage a single sign-on (SSO) provider to allow for centralized and seamless authentication across the vastly distributed work environment.
2. Apply micro-segmentation. Limit an adversary's ability to move laterally within the organization. Forcing intruders to cross trust boundaries provides an improved opportunity for detection and prevention.
3. Segment personal and professional networks. Amid COVID-19, the corporate perimeter has expanded into employees' homes, bringing a deluge of new focus onto in-home routers and networks; the challenge is compounded by the lack of visibility security professionals have into those networks (especially while they, too, work from home).
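The micro-segmentation and home/corporate segmentation practices in the list above rest on one idea: define segments, allow only the boundary crossings the business needs, and treat every other crossing as a detection opportunity. The following is an added example, not code from the report or its authors, that applies a default-deny segment policy to constructed flow records and surfaces the denied crossings a detection team would review. The segment names, address ranges, ports and log lines are all hypothetical.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed segment map. Addresses are hypothetical, not from the report.
ZONES = {
    "corp-workstations": ipaddress.ip_network("10.10.0.0/16"),
    "web-tier": ipaddress.ip_network("10.20.1.0/24"),
    "db-tier": ipaddress.ip_network("10.20.2.0/24"),
    "sso-idp": ipaddress.ip_network("10.30.0.0/24"),
    "home-personal": ipaddress.ip_network("192.168.1.0/24"),
}

# Segments whose members may not talk to each other: one workstation has no
# business reaching another, which is what "micro" in micro-segmentation adds
# over plain network segmentation.
PEER_ISOLATED = {"corp-workstations", "home-personal"}

# Default-deny allowlist of (source zone, destination zone, destination port).
# Every tuple is a trust boundary an intruder would have to cross visibly.
POLICY = {
    ("corp-workstations", "sso-idp", 443),
    ("corp-workstations", "web-tier", 443),
    ("web-tier", "sso-idp", 443),
    ("web-tier", "db-tier", 5432),
}


@dataclass
class Decision:
    src: str
    dst: str
    src_zone: str
    dst_zone: str
    dport: int
    verdict: str  # "allow" or "deny"
    reason: str


def zone_of(ip: str) -> str:
    """Map an address to its segment name, or "unknown" if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate_flow(src: str, dst: str, dport: int) -> Decision:
    """Apply the default-deny policy to one flow."""
    sz, dz = zone_of(src), zone_of(dst)
    if "unknown" in (sz, dz):
        return Decision(src, dst, sz, dz, dport, "deny", "endpoint outside every defined segment")
    if sz == dz:
        if sz in PEER_ISOLATED:
            return Decision(src, dst, sz, dz, dport, "deny", "peer-to-peer traffic inside an isolated segment")
        return Decision(src, dst, sz, dz, dport, "allow", "intra-segment traffic")
    if (sz, dz, dport) in POLICY:
        return Decision(src, dst, sz, dz, dport, "allow", "permitted boundary crossing")
    return Decision(src, dst, sz, dz, dport, "deny", "unexpected boundary crossing")


def parse_flow_line(line: str):
    """Parse one constructed flow record: '<ts> src=A dst=B dport=N proto=P'."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return fields["src"], fields["dst"], int(fields["dport"])


def evaluate_log(lines):
    return [evaluate_flow(*parse_flow_line(ln)) for ln in lines if ln.strip()]


def lateral_movement_alerts(decisions):
    """Denied flows between two known segments, or between peers of an isolated
    one: the boundary crossings a detection team would want to review."""
    return [d for d in decisions
            if d.verdict == "deny" and "unknown" not in (d.src_zone, d.dst_zone)]


def verdict_counts(decisions):
    return dict(Counter(d.verdict for d in decisions))


# Constructed sample flow records (not real telemetry).
SAMPLE_FLOWS = """
2021-06-01T12:00:01Z src=10.10.4.7 dst=10.30.0.5 dport=443 proto=tcp
2021-06-01T12:00:02Z src=10.10.4.7 dst=10.20.1.10 dport=443 proto=tcp
2021-06-01T12:00:03Z src=10.20.1.10 dst=10.20.2.15 dport=5432 proto=tcp
2021-06-01T12:00:04Z src=10.10.4.7 dst=10.20.2.15 dport=5432 proto=tcp
2021-06-01T12:00:05Z src=10.10.4.7 dst=10.10.9.21 dport=445 proto=tcp
2021-06-01T12:00:06Z src=192.168.1.30 dst=10.20.2.15 dport=5432 proto=tcp
2021-06-01T12:00:07Z src=10.20.1.10 dst=10.10.4.7 dport=445 proto=tcp
2021-06-01T12:00:08Z src=203.0.113.9 dst=10.20.1.10 dport=443 proto=tcp
""".strip().splitlines()


if __name__ == "__main__":
    decisions = evaluate_log(SAMPLE_FLOWS)
    for d in decisions:
        print(f"{d.verdict:5} {d.src_zone:>17} -> {d.dst_zone:<17} :{d.dport}  {d.reason}")
    print(verdict_counts(decisions), "alerts:", len(lateral_movement_alerts(decisions)))
```

The three allowed flows are exactly the business paths in POLICY; the workstation reaching the database directly, a workstation contacting another workstation over SMB, a personal-network host reaching the database tier, and the web tier connecting back into the workstation segment are all denied and raised as alerts, while the flow from an address in no segment is denied without an alert because it is an inventory gap rather than a lateral-movement signal. In a real deployment the same allowlist would be expressed in the segmentation platform's own policy language and the verdicts would come from its enforcement logs rather than from this evaluator.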
The Future of Iron Rain: What Tactics, Techniques and Procedures Should We Expect?
Going forward, we anticipate that these threat actors will escalate their attacks against the West, following ongoing testing and validation of tactics across Ukraine.[26] A new administration also changes the threat landscape as we consider support of the North Atlantic Treaty Organization (NATO). As the U.S. and its allies attempt to contain the threat posed by the regime, cyberattacks and the use of proxies may grow. This reality forces all organizations, in the private and public sectors alike, to take a forward-leaning approach to cybersecurity. Organizations should adopt Zero Trust architectures that extend intrinsically across their infrastructure to suppress these threat actors.
“As cybercriminals continue to evolve and develop increasingly sophisticated methods of attack, law enforcement is likewise sharpening our investigative approaches necessary to arrest and convict these criminals,” said David Smith, special agent in charge of the Criminal Division, U.S. Secret Service. “While criminal methods may change as technology advances, we must never forget that no matter how sophisticated criminals may become, they are human, and humans make mistakes. Law enforcement will always be there to exploit those mistakes.”