Last week, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) released an advisory stating that it did not see any specific or imminent cyber threat to New Jersey related to the Russia/Ukraine crisis. However, it went on to say that it is likely that Russia’s aggressive cyber activity will increase and spread. Therefore, it stated that New Jersey organizations should ensure that cybersecurity controls and plans are fully implemented.
The NJCCIC collaborates with public and private entities to make New Jersey more resilient to cyberattacks … and continuously assesses and adjusts its cyber capabilities to account for emerging threats.
Advanced powersolution.com threat mitigation protections implemented
powersolution is a New Jersey-based, award-winning IT Consulting, Managed Services, and Managed Security company. We support local and national SMBs and organizations, and we are a member of NJCCIC. We are especially proud to be recognized by industry leaders as one of the Top 100 companies in Managed Security.
Over the last 18 months, powersolution.com significantly increased cyber protections for Small and Medium-sized business clients, particularly through approximately 10-12 layers of advanced security functions associated with its Todyl Secure Global Network (SGN) and Threat Ops monitoring and management. These layers of protection greatly mitigate the risks associated with cyber threats and intrusions. These additional security measures include many of the risk-mitigation methods recommended by the NJCCIC and the U.S. federal government’s Cybersecurity & Infrastructure Security Agency (CISA).
This week, Todyl released its Threat Update, reporting that its multiple IT security teams have been closely monitoring the threat landscape, including its Kyiv, Ukraine Point of Presence (PoP). Since just Friday, February 25, 2022, the Todyl Detection Engineering team has proactively blocked over 1,500 network-level Indicators of Compromise (IoCs). The team added new Cloud-based detection rules and Endpoint Security layers to identify malicious software behaviors, and will continue to roll out relevant countermeasures and additional detection rules as needed.
The NJCCIC's recent advisory describes how Russian intelligence services, in 2017, inserted malware into an accounting software update that spread worldwide, including in New Jersey. Recently, Russian state-affiliated actors launched numerous disruptive and destructive ransomware attacks primarily targeting U.S. institutions. Over the last few years, numerous New Jersey organizations have been impacted by ransomware attacks resulting in significant operational disruptions and financial losses.
According to the NJCCIC, it is increasingly likely that Russian cyberattacks will spread – therefore, the NJCCIC is advising that all New Jersey organizations ensure that cybersecurity controls and plans are fully implemented and up-to-date, including the following:
- Multi-Factor Authentication (MFA) for remote access to internal systems and cloud services that provide critical services or host sensitive information.
- The Principle of Least Privilege is applied, so that account access privileges are provided only where access is essential.
- Critical vulnerabilities are patched.
- Public-facing web applications are protected by a web application firewall.
- Internal networks are appropriately segmented to contain attacks and prevent propagation.
- Endpoint Detection and Response (EDR) software is installed on all supported endpoints and cloud workloads.
- Current backups are stored offline and have been tested to confirm their viability for full systems and data restoration.
- All end-of-life systems and applications are decommissioned and powered off.
- Incident response plans are updated with appropriate personnel contacts.
- Disaster Recovery and Continuity of Operations Plans are in place and current.
Meanwhile, the U.S. federal government’s Cybersecurity & Infrastructure Security Agency (CISA) released an alert this past weekend, stating that the disruptive cyberattacks in Ukraine may spill over to organizations in other countries. CISA is encouraging organizations to increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for disruptive cyber events.
A few of the immediate preventative actions CISA is recommending include:
- Set antivirus and antimalware programs to conduct regular scans.
- Enable strong spam filters to prevent phishing emails from reaching end users.
- Filter network traffic.
- Update software.
- Require multi-factor authentication.
- Ensure proper network segmentation.
- Ensure systems are contained within restrictive Virtual Local Area Networks (VLANs), with additional segmentation and network access controls.
- Layered access control, and device-level access control enforcement.
- Audit and review security logs for anomalous references to administrative and service accounts.
- Review network flow data for signs of anomalous activity.
- Perform file and data integrity checks.
- Ensure robust vulnerability management and patching practices are in place.
- Implement recovery and reconstitution procedures.
- A comprehensive inventory of all mission-critical systems and applications.
- Document contact information for all essential personnel within the organization.
- Implement and manage data backup files.
- Be prepared to reset all passwords, if necessary.
- Implement incident response procedures.