The Russian government has issued a security warning to organizations in Russia about potential retaliatory cyberattacks from the United States over the SolarWinds breach.
Last month, SolarWinds revealed that it had suffered a sophisticated cyberattack that led to a supply chain attack affecting 18,000 customers.
The United States government believes that this attack was carried out by a state-sponsored Russian hacking group whose aim was to steal cloud data, such as e-mail and files, from US companies and high-level government agencies.
In response to questions about the cyberattack, White House Press Secretary Jen Psaki indicated that the United States might similarly retaliate against those who carried out the attacks.
While Russia continues to deny its involvement in the attacks, Russia's National Computer Incident Coordination Center (NKTsKI) issued a warning for Russian organizations to improve their network security.
NKTsKI's warning said: "We recommend that the following measures be taken to improve the security of information resources in the face of persistent accusations of involvement in organizing computer attacks against the United States and its allies, as well as threats from the US side to launch retaliatory cyberattacks against vital information infrastructure facilities of the Russian Federation."
The Russian National Computer Incident Coordination Center (NKTsKI) is part of the Federal Security Service (FSB) and was created to detect, prevent and combat cyberattacks against the country's infrastructure and companies.
NKTsKI requires Russian institutions and agencies to take the following steps to increase network security:
- Update your organization’s current plans, instructions and guidelines for responding to computer incidents.
- Inform employees about potential phishing attacks using social engineering.
- Audit network information security and antivirus tools to ensure they are operating properly.
- Avoid using third-party DNS servers.
- Use multi-factor authentication to remotely access your organization’s network.
- Determine the list of trusted programs to access the corporate network.
- Ensure correct recording of network and system events across the critical information infrastructure.
- Make sure to back up important elements of your information infrastructure.
- Ensure that the current policies correctly differentiate access rights for devices on the network.
- Restrict access to services on the internal network using firewalls.
- Use terminal access via the enterprise’s internal services.
- Update passwords for all users according to the password policy.
- Provide virus protection for incoming and outgoing email.
- Monitor system security.
- Make sure you have the necessary security updates for your software.
In the past, the United States has avoided publicly carrying out reprisals against other countries that have launched cyberattacks against it, so any retaliatory attacks from the United States will likely not be revealed publicly.
The USA and affected organizations are still investigating and responding to the SolarWinds supply chain attack.