US Government Gives Cybersecurity Guidance for Securing Against Russian Hacks

The United States government has issued guidance to help businesses and organizations secure their systems against Russian hacking attempts. The advice comes as tensions between the two countries continue to rise, with Russia being accused of interference in the 2016 US presidential election.

The guidance, published by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), includes information on how to identify and defend against common Russian cyberattack methods. It also provides recommended mitigation strategies and resources for further reading.

Here’s what you need to know about the US government’s latest guidance on Russian hacking attempts:

What are the common Russian cyberattack methods?

The DHS and FBI have identified three common methods that Russian hackers use to gain access to US systems: phishing, watering hole attacks, and password spraying.

Phishing is a type of social engineering attack in which the attacker sends an email or other message that appears to be from a trusted source, in an attempt to trick the recipient into clicking on a malicious link or attachment. Once the victim clicks on the link or attachment, they are typically taken to a fake website that looks identical to the real website, but is actually under the control of the attacker. The attacker can then use this website to collect the victim’s login credentials or infect their computer with malware.

Watering hole attacks are a type of targeted attack in which the attacker compromises a website that is frequented by their intended target. The attacker then waits for the victim to visit the compromised website and infects their computer with malware when they do. This type of attack is often used to target specific organizations or individuals, such as government officials or employees of a particular company.

Password spraying is a type of brute force attack in which the attacker attempts to log in to multiple accounts using a small number of commonly-used passwords. This type of attack is often successful because many people use weak and easily guessed passwords, such as “password” or “123456”.

What are the recommended mitigation strategies?

The DHS and FBI recommend a number of mitigation strategies for each of the three common Russian cyberattack methods.

For phishing attacks, the agencies recommend that organizations provide employees with awareness training on how to identify phishing emails and what to do if they receive one. They also recommend that organizations implement technological solutions to block or filter phishing emails, such as spam filters and email gateway solutions.

For watering hole attacks, the agencies recommend that organizations monitor their website traffic for unusual activity and take steps to secure their websites against compromise. They also recommend that Organizations restrict access to websites to authorized users only, and develop and distribute threat intelligence reports to employees on a regular basis.

For password spraying attacks, the agencies recommend that organizations enforce strong password policies, such as requiring employees to use passwords that are at least eight characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. They also recommend that organizations implement two-factor authentication for all accounts, whenever possible.

What are the recommended resources for further reading?

The DHS and FBI have provided a number of resources for further reading on their website, including a fact sheet on common cyberattack methods, guidance on how to prevent phishing attacks, and information on how to respond to a compromise.

Organizations can also find helpful information in the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, which provides guidance on how to implement security controls and risk mitigation strategies.

Now that you are familiar with the three common methods used by Russian hackers and the recommended mitigation strategies, you can start to implement these measures in your own organization. By doing so, you can help to protect your systems against attack and keep your data safe.

Chris Turn