Resources for Agencies to Combat Cyberattacks
Federal agencies, like other large organizations, are prime targets for cyberattacks. As such, it’s important for IT leaders and CISOs to stay on top of tools to combat known threats.
Former CISA Director Chris Krebs, who leads Krebs Stamos Group, a cybersecurity consultancy he started with Alex Stamos, the former chief security officer at Facebook, is one of the internet’s most prominent voices on issues related to cybersecurity. He recently highlighted the work of his former agency and pointed to current guidance from CISA on how to combat common vulnerabilities.
Great resource here by @CISAgov and friends. It's not always the new and novel stuff that gets ya. As long as the tried and trusted vulns are out there, the bad guys will use them. Great to see USG teaming up w/ international partners for a united front on information sharing! https://t.co/HVyEVwPqYe
— Chris Krebs (@C_C_Krebs) July 29, 2021
“It’s not always the new and novel stuff that gets ya,” Krebs wrote regarding the guidance. “As long as the tried and trusted vulns are out there, the bad guys will use them,” he said, referring to vulnerabilities.
In late July, CISA, along with the Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre and the FBI, highlighted the top common vulnerabilities and exposures (CVEs) routinely exploited by cyber actors in 2020 and the vulnerabilities being widely exploited so far in 2021.
“Cyber actors continue to exploit publicly known — and often dated — software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” the advisory states. “It’s recommended that organizations apply the available patches for the 30 vulnerabilities listed in the joint cybersecurity advisory and implement a centralized patch management system.”
Four of the most targeted vulnerabilities in 2020 involved remote work, VPNs or cloud tools, according to the guidance.
Also in July, CISA noted that it has “observed Chinese state-sponsored cyber actors” targeting the country’s critical infrastructure sector.
We have observed Chinese state-sponsored cyber actors target our nation’s critical infrastructure.
Eric Goldstein, @CISAgov’s Executive Assistant Director for Cybersecurity, outlines how we can safeguard critical infrastructure against threats from China: https://t.co/dDSFEDMdKl https://t.co/qpJ5lxoN86
— CISA Infrastructure Security (@CISAInfraSec) July 19, 2021
CISA, along with the National Security Agency and the FBI, published a similar joint cybersecurity advisory “with more than 50 observed tactics, techniques, and procedures (TTPs) of Chinese state-sponsored cyber operations,” the agency wrote on Twitter.
The advisory urged government agencies, as well as critical infrastructure providers, defense industrial base companies and the private sector, to take several common-sense security steps to guard against these vulnerabilities. Those include patching systems and equipment promptly and diligently; enhancing the monitoring of network traffic, email and endpoint systems; and implementing anti-virus software and other endpoint protection capabilities to automatically detect and prevent malicious files from executing.