
NSA, CISA, UK warn of Russian brute force attacks on networks

NSA, CISA, et al. warn of Russian brute force attacks. (ImageQuest)

Do you work for, or have as a customer:
Government agencies, the U.S. military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants, political parties, or think tanks?

Then cybersecurity needs to be your organization’s top priority. Russia’s military intelligence agency, the GRU, is using brute force attacks to break into organizations of these types, in the U.S. and elsewhere, and steal protected data, including email.

In cybersecurity, a brute force attack uses automated tooling (“bots”) to attempt logins at high speed with guessed passwords and with credentials leaked in earlier breaches. Weak or reused passwords fall in seconds. Without multi-factor authentication and the other controls described below, an attacker who lands a single valid password can sign in as that user and then move laterally through the network before anyone notices.

On July 1, 2021, the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the United Kingdom’s National Cyber Security Centre (NCSC) released a joint cybersecurity advisory warning of these attacks.

The advisory refers to the actor as the GTsSS, the GRU’s 85th Main Special Service Center (military unit 26165). From the advisory: “The campaign uses a Kubernetes® cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide,” the advisory says. “After obtaining credentials via brute force, the GTsSS uses a variety of known vulnerabilities for further network access via remote code execution and lateral movement.”

Step one to combat this? Multi-factor authentication (MFA). You need it enabled organization-wide, for every account and not only for administrators.

From the warning:

“Network managers should adopt and expand usage of multi-factor authentication to help counter the effectiveness of this capability. Additional mitigations to ensure strong access controls include timeout and lock-out features, the mandatory use of strong passwords, implementation of a Zero Trust security model that uses additional attributes when determining access, and analytics to detect anomalous accesses.

“Additionally, organizations can consider denying all inbound activity from known anonymization services, such as commercial virtual private networks (VPNs) and The Onion Router (TOR), where such access is not associated with typical use.”
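To make the brute force description above and the advisory’s “analytics to detect anomalous accesses” concrete, here is an added example that is not from the advisory or from ImageQuest. It runs simple detection logic over a constructed authentication log: the log line format, the source addresses (RFC 5737 documentation ranges), the account names and the thresholds are all assumed for illustration. It goes slightly beyond the text in one respect: besides the hammer-one-account pattern, it flags the spread-out variant (one source, one or two guesses per account across many accounts, usually called password spraying), and its per-account lockout function shows why the lockout the advisory recommends does not catch that variant on its own.

```python
"""Detect brute-force and password-spray patterns in an authentication log.

Added example: the log format, addresses, account names and thresholds
are all constructed for illustration and are not from the advisory.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

# One line per login attempt. The format is assumed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAIL|SUCCESS) src=(?P<src>\S+) user=(?P<user>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, source_ip, user), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["src"], m["user"]


def _events(lines):
    """Parsed events in time order; unparseable lines are dropped."""
    return sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[0])


def analyze(lines, window=timedelta(minutes=10), fail_threshold=10, spray_users=5):
    """Per-source detection over a sliding time window.

    brute_force:<user>           one source hammers a single account
    password_spray               one source fails against many distinct accounts
    success_after_attack:<user>  a source already flagged then logs in successfully
    Returns {source_ip: set of findings}; quiet sources are omitted.
    """
    recent = defaultdict(deque)   # src -> failures (ts, user) inside the window
    findings = defaultdict(set)
    for ts, result, src, user in _events(lines):
        fails = recent[src]
        while fails and ts - fails[0][0] > window:
            fails.popleft()           # expire failures older than the window
        if result == "FAIL":
            fails.append((ts, user))
            per_user = Counter(u for _, u in fails)
            if per_user[user] >= fail_threshold:
                findings[src].add(f"brute_force:{user}")
            if len(per_user) >= spray_users:
                findings[src].add("password_spray")
        elif findings.get(src):
            # A success from a source we already flagged is the signal to act on.
            findings[src].add(f"success_after_attack:{user}")
    return {src: f for src, f in findings.items() if f}


def locked_accounts(lines, max_failures=5, window=timedelta(minutes=10)):
    """Per-account lockout as directory services usually implement it: an account
    locks once it alone accumulates max_failures failures inside the window.
    What this misses: a spray that gives each account one guess never trips it."""
    fails = defaultdict(deque)
    locked = set()
    for ts, result, src, user in _events(lines):
        if result != "FAIL":
            continue
        q = fails[user]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures:
            locked.add(user)
    return locked


def constructed_sample():
    """Constructed log: a brute-force run, a password spray, and one user's typo."""
    lines = [f"2021-07-01T10:00:{i:02d}Z FAIL src=203.0.113.5 user=alice" for i in range(10)]
    lines.append("2021-07-01T10:00:10Z SUCCESS src=203.0.113.5 user=alice")
    for i, user in enumerate(["bob", "carol", "dave", "erin", "frank"]):
        lines.append(f"2021-07-01T10:05:{i:02d}Z FAIL src=198.51.100.7 user={user}")
    lines += [
        "2021-07-01T10:07:00Z FAIL src=192.0.2.20 user=grace",
        "2021-07-01T10:07:05Z SUCCESS src=192.0.2.20 user=grace",
    ]
    return lines


if __name__ == "__main__":
    sample = constructed_sample()
    for src, hits in analyze(sample).items():
        print(src, sorted(hits))
    print("locked:", sorted(locked_accounts(sample)))
```

On the constructed log, `analyze` flags 203.0.113.5 for brute-forcing alice and then succeeding, and flags 198.51.100.7 for spraying, while `locked_accounts` locks only alice: the sprayed accounts each saw a single failure, so a per-account lockout never fires for them. That is why the advisory pairs lockouts with MFA and with source-based analytics rather than relying on lockouts alone. In production the same per-source counting should also consider that this campaign routed attempts through TOR and commercial VPN exits, so a single source address may be shared by many legitimate users; tune thresholds per source type rather than globally.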

The full advisory is published on the NSA and CISA websites.