Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

CISA Issues Severe Cybersecurity Warning Just Before the Holidays

December 16, 2021

Bleeping Computer reported on December 15 that the Cybersecurity and Infrastructure Security Agency (CISA) has warned critical infrastructure organizations to strengthen their cybersecurity defenses against potential and ongoing threats.

CISA also issued guidance to help executives and senior leaders proactively reinforce their organization’s resilience against threats arising from malicious activity by nation-state-sponsored threat actors and their associates.

“In the lead up to the holidays and in light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyber attacks,” the cybersecurity agency said in its warning.

CISA “strongly” urged organizations from critical infrastructure sectors to increase organizational vigilance, prepare for rapid response, ensure network defenders implement cybersecurity best practices, stay informed about current cybersecurity threats and malicious techniques, and immediately report incidents and anomalous activity.

While CISA did not say what these ongoing threats are, it is no doubt referring to the large-scale Log4j exploitation targeting vulnerable systems worldwide.

As Microsoft Threat Intelligence Center (MSTIC) and Mandiant have reported, multiple state-backed hackers linked to governments in China, Iran, North Korea, and Turkey have rapidly deployed Log4Shell exploits in their attacks.

From our foxhole, we are seeing dozens of attacks on many businesses each day – they are being stopped, but only because of the kind of proactive actions that have been taken.

Microsoft also said that access brokers used by ransomware-as-a-service (RaaS) operations have joined these ongoing attacks, which means ransomware affiliates will soon start deploying their payloads on networks compromised in Log4Shell breaches.

Everyone wants to get in on this action.

Given the severe risks facing organizations that use products bundling the vulnerable Log4j library, CISA has ordered federal agencies to patch their systems before Christmas.

“Sophisticated threat actors, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms,” CISA added.

“These actors have also demonstrated capability to leverage this access for targeted operations against critical infrastructure with potential to disrupt National Critical Functions.”

Take this one seriously, folks. Don’t let the holidays distract you from focusing on shoring up your defenses. The scope of these attacks is massive.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology