Russian Government Warns Business Of US Cyber Attack

The Russian government has issued a cyber security warning to local organisations they say are at risk of US reprisals for the latest SolarWinds assaults. 

The warning comes from the National Coordination Center for Computer Incidents (NKTsKI), an agency created in 2018 by KGB successor the Federal Security Service (FSB). It said that the US government had threatened to carry out retaliatory attacks on Russian critical infrastructure following the large-scale cyber espionage campaign which the Kremlin has waged on US government and other organisations in the past year.

The fifteen-point advisory issued by NKTsKI recommends updating incident response plans, correctly configuring security tools, training users on how to spot phishing, avoiding third-party DNS servers and using multi-factor authentication. Also,application controls, firewalls, updated passwords, email security and prompt patching.

The US accused  Russia for the SolarWinds attacks, after it emerged that Kremlin-sponsored operatives had performed a major spying operation on government departments including the Department of Justice, the State Department and the TreasuryThe White House Press Secretary has said the US reserves the right to “respond at a time and manner of our choosing to any cyber-attack.” 

President Biden now has the delicate task of seeking cooperation with Russia over arms treaties but a way to punish the Kremlin for this cyber-attack and other pressing issues.

Reports suggest he has given the intelligence community the task of investigating four key areas:

  • The SolarWinds attack.
  • Possible interference in the 2020 election.
  • Efforts to muzzle Russian opposition leader Alexei Navalny.
  • A bounty program to pay Taliban fighters in Afghanistan for killing US troops.

The earliest awareness of the attack on the US was from the experts at the FireEye cybersecurity firm which found itself under attack from hackers it thought were working for Russia. Their investigation revealed that the same hackers were able to monitor internal email traffic at the US Treasury and Commerce departments and other departments. 

The hackers are thought to have used hacks that got into software updates released by the  SolarWinds IT company, which serves government customers across the executive branch, the military, and the intelligence services.

Reuters:         New York Times:      TheOpenSecurity:    Safe-Surf:       Infosecurity Magazine:

You Might Also Read:

More Critical Problems With SolarWinds:

 

« Data Privacy & You
How To Create Effective Cyber Security Training For Employees »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

Nozomi Networks

Nozomi Networks

Nozomi Networks is a leader in Industrial Control System (ICS) cybersecurity, with a comprehensive platform to deliver real-time cybersecurity and operational visibility.

IPN (ICT Research Platform Nederlands)

IPN (ICT Research Platform Nederlands)

IPN promotes academic research and education in the ICT field by building and maintaining a national community, and by developing policy to advance the field. Areas of focus include Cyber Security.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Amadeus Capital Partners

Amadeus Capital Partners

Amadeus Capital Partners offers over 20 years’ experience in technology investment. Our areas of focus include AI & machine learning and cyber security.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

CYBRScore

CYBRScore

CYBRScore is a premium, performance-based cyber skills training and assessment provider that quantifies a user’s ability to defend a network.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Ministry of Information and Communications (MIC) - Vietnam

Ministry of Information and Communications (MIC) - Vietnam

The Ministry of Information & Communications of Vietnam is the policy making and regulatory body in the field of information technology and national information and and communication infrastructure.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.