SecurityTrails Blog · Mar 10 · by Sara Jelen

Shields Up: Secure Your Perimeter in the Wake of Russian Threats

Due to further sanctions and political measures from the U.S. and European countries on Russia, the possibility of retaliatory attacks looms while the conflict in Ukraine persists. Reports even show that in the wake of the invasion, experts have seen an increase in Russian cyber activity.

While no concrete cyber threats to the U.S. have been discovered at this time, it’s expected that Russian cyber attacks will be targeting organizations in the U.S. more directly. Government agencies and cybersecurity experts are warning organizations to prepare for an array of cybersecurity risks.

Guidance for protecting critical assets from Russian threat actors

Governments on both sides of the Atlantic have already warned about the cybersecurity implications of the war and the increased likelihood of Russian threats. And now, the US Cybersecurity & Infrastructure Security Agency (CISA) has shared their Shields Up guidance memo for all organizations seeking to adopt a heightened cybersecurity posture and protect their critical assets.

The UK’s National Cyber Security Centre (NCSC) has also warned British organizations about their heightened state of cyber risk and urges them to begin strengthening their digital defenses sooner rather than later.

Government agencies are advising all organizations to focus on their digital perimeter. The advice includes improving access control, adding layers of user authentication to their networks, patching all systems, and getting effective incident response plans on the ground—all to reduce the likelihood of a severe cyber attack on their critical assets.

Reduce the likelihood of damaging cyber intrusion from Russian threats

CISA’s Shields Up guidance recommends protecting and hardening the most critical assets in your organization, while recognizing the challenges that many organizations face in finding the resources needed to execute these urgent security improvements. Our Attack Surface Platform can be your best ally for following this guidance.

The platform enables you to easily discover and locate all of your critical assets, as well as identify and prioritize risks to them so that you can act fast, armed with reliable data.

How can you make sure you’re following Shields Up guidance, to prevent your organization from falling victim to a Russian cyber attack?

Verify your remote access points

Shields Up spotlights the importance of verifying that all remote access to your organization’s network is secure. The first step is to make sure you have the necessary understanding and control over what and who can connect to your infrastructure. This way, you’ll be able to monitor for threats in order to catch and mitigate potential attacks as quickly as possible.

Our attack surface platform ASI allows you to discover all remote access points and VPNs used on your network, instantly.

By knowing how users are connecting to your network and from where, you’ll be able to limit the number of access points, making them easier to monitor and control. Furthermore, it provides you with additional information on each remote access point, letting you know if there are any unused ports, protocols and services, and allowing you to restrict them from being accessible.

Prioritize remediation of vulnerabilities and misconfigurations

As per the guidance offered by CISA’s Shields Up memo, one of the main practices toward improving your security posture and reducing the likelihood of an attack is to ensure that all devices, software and internet-facing assets are patched for any vulnerabilities or misconfigurations. Malicious actors can easily scan your external infrastructure to find unmanaged and vulnerable internet-facing assets.

Your organization should also be prioritizing patches that address the known vulnerabilities listed by CISA. Fortunately, the SecurityTrails ASI scans your organization’s assets against an ever-growing list of risk rules—helping you quickly identify which areas of your attack surface might be at risk and need to be patched first.

Ranging from assets with potential risks that only need to be monitored for the time being to CVEs requiring triage as quickly as possible, you’ll be continuously informed of all vulnerabilities and risks to your assets, mitigating the potential for an attack.

You’ll also stay advised of other risks to your assets, such as hostnames pointing to local networks, staging and development subdomains that might be exposing sensitive information to the public, and even hostnames with self-signed certificates that, when exposed, can give attackers insight into your internal servers.
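The three risk types named above can be checked against your own asset inventory. The following is an added example, not SecurityTrails code: the inventory records, the non-production label list and the finding names are all constructed assumptions, and the certificate check is a subject-equals-issuer heuristic rather than a signature verification.

```python
import ipaddress

# Constructed sample inventory (not real data): hostname, resolved A record,
# and the certificate subject/issuer seen on the host (None if no TLS).
INVENTORY = [
    {"host": "www.example.com", "ip": "203.0.113.10",
     "subject": "CN=www.example.com", "issuer": "CN=Example Public CA"},
    {"host": "intranet.example.com", "ip": "10.20.0.15",
     "subject": None, "issuer": None},
    {"host": "staging-api.example.com", "ip": "198.51.100.7",
     "subject": "CN=staging-api.example.com",
     "issuer": "CN=staging-api.example.com"},
    {"host": "dev.shop.example.com", "ip": "192.168.1.40",
     "subject": "CN=dev.local", "issuer": "CN=dev.local"},
]

# RFC 1918, loopback and link-local ranges: a public DNS name resolving here
# leaks internal addressing. Listed explicitly because ipaddress.is_private
# also matches documentation ranges such as 198.51.100.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Assumed naming conventions for non-production environments.
NONPROD_LABELS = {"dev", "staging", "stage", "test", "uat", "qa"}

def audit(record):
    """Return the list of findings for one inventory record."""
    findings = []
    addr = ipaddress.ip_address(record["ip"])
    if any(addr in net for net in INTERNAL_NETS):
        findings.append("internal-address")
    # Split "staging-api.example.com" into staging, api, example, com.
    tokens = {t for label in record["host"].lower().split(".")
              for t in label.split("-")}
    if tokens & NONPROD_LABELS:
        findings.append("nonprod-name")
    # Heuristic: a certificate whose issuer equals its subject is self-signed.
    if record["subject"] and record["subject"] == record["issuer"]:
        findings.append("self-signed-cert")
    return findings

def audit_inventory(inventory):
    """Map each hostname with at least one finding to its findings."""
    results = {r["host"]: audit(r) for r in inventory}
    return {host: f for host, f in results.items() if f}
```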

Disable all non-essential ports

When threat actors begin reconnaissance on your organization, one of the first steps involves massive or localized port scanning. Shields Up also recognizes this, advising all organizations to catalog and disable non-essential ports.

By keeping an inventory of all your external-facing assets, open ports, and services on each port, you’ll gain control in reducing your attack surface and maintaining your security posture in the wake of current threats.

The attack surface scanning technology provides you with a look into each open port, and every hostname, service and IP using those ports.

It can also flag particularly dangerous open ports, such as those used by your databases, which can allow adversaries to exfiltrate data if left unprotected without ACLs in place.
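Cataloging ports and deciding which are non-essential comes down to comparing what is observed open against what each host is supposed to expose. The following is an added example, not SecurityTrails code: the scan results and the per-host allowlist are constructed, the severity names are assumptions, and the database ports are the well-known defaults for each product.

```python
# Constructed scan results (not real data): (hostname, port, service).
OBSERVED = [
    ("www.example.com", 443, "https"),
    ("www.example.com", 80, "http"),
    ("www.example.com", 3306, "mysql"),
    ("vpn.example.com", 443, "https"),
    ("vpn.example.com", 23, "telnet"),
    ("db01.example.com", 5432, "postgresql"),
    ("db01.example.com", 22, "ssh"),
    ("shadow.example.com", 8080, "http-proxy"),
]

# Assumed allowlist: the ports the organization has decided are essential
# for each host. A host missing from this map is an unknown asset, so every
# port observed on it is reported.
ESSENTIAL = {
    "www.example.com": {80, 443},
    "vpn.example.com": {443},
    "db01.example.com": {22},
}

# Default listening ports of common databases; exposure of these to the
# internet is treated as high severity.
DATABASE_PORTS = {
    1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL",
    6379: "Redis", 27017: "MongoDB",
}

def review_ports(observed, essential):
    """Return (severity, host, port, service) for every non-essential port,
    sorted so that exposed database ports come first."""
    report = []
    for host, port, service in observed:
        if port in essential.get(host, set()):
            continue  # explicitly approved for this host
        severity = "high" if port in DATABASE_PORTS else "review"
        report.append((severity, host, port, service))
    return sorted(report)

if __name__ == "__main__":
    for severity, host, port, service in review_ports(OBSERVED, ESSENTIAL):
        print(f"{severity:6} {host}:{port} ({service})")
```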

Protect your cloud assets

CISA notes that misconfigurations and insecure cloud services and applications are often the primary attack vector for adversaries. Threat actors use phishing and other techniques to exploit poor cloud security hygiene practices in organizations’ cloud services configuration.

With so many new cloud assets being spun up, it can be challenging for your organization to maintain visibility over your internet-facing perimeter while keeping a complete asset list that includes all cloud assets. Attack Surface Intelligence provides you with complete and persistent visibility into your cloud environment, ensuring that there are no unmanaged or misconfigured cloud assets that need to be decommissioned.

With a chronological timeline of your evolving infrastructure, you’ll know how many assets were created each day with information that connects each asset to known service platforms—which is crucial for spotting any newly spun up cloud instances.

Heighten and maintain your cyber hygiene

The final step in CISA’s Shields Up advisory is to follow their cyber hygiene best practices to help reduce your exposure to threats. One of their key points involves evaluating your external network presence by conducting continuous vulnerability scanning.

With ASI, your organization will be informed of any new or unknown assets quickly, allowing for timely investigation to uncover any malicious intent. And the resulting list of all newly identified assets will contribute to further targeted vulnerability scanning.

Summary

The implications for organizations during the conflict in Ukraine, whether economic, cyber or both, will be felt well beyond the immediate region. Operations will be affected, and supply chains can be attacked and interrupted. At this pivotal moment, adversaries and nation states are building their offensive tactics in order to attack, and our cybersecurity posture is truly being put to the test.

We at SecurityTrails can aid your organization in navigating CISA’s Shields Up cybersecurity recommendations and other best practices to ensure you are prepared to respond to and mitigate any potential threats from malicious actors.

The right moment to put our shields up and protect our infrastructure is now.

To get started on following CISA’s guidance and standing strong in the wake of Russian threats, talk to an expert on how ASI can help your organization.

SARA JELEN

Sara believes the human element is often at the core of all cybersecurity issues. It’s this perspective that brings a refreshing voice to the SecurityTrails team. Her ability to bridge cognitive/social motivators and how they impact the cybersecurity industry is always enlightening.
