International Coalition Of Government Cybersecurity Agencies Jointly Release Advisory On Russia Foreign Intelligence Service Hacking Activities

Foley & Lardner
Contributor
Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.

The Cybersecurity and Infrastructure Security Agency (CISA) and other international agencies responsible for cybersecurity released a joint advisory describing efforts used by the Russian Foreign Intelligence Service (SVR) to gain access to cloud environments. While the report does not suggest a motive for such attacks, other guidance from CISA suggests that at least one motive is the disruption of critical infrastructure in the West during a crisis.

Attack Methods

The report describes tactics used by the SVR (also known as APT29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard) to gain initial access to cloud services, including:

  • Access via service and dormant accounts, which may provide privileged access
  • Cloud-based token authentication
  • Enrolling new devices into the cloud (after bypassing password authentication using techniques such as password spraying and MFA bombing)
  • Residential proxies (making traffic appear to come from IP addresses used by ISPs for residential broadband customers, which makes it harder to detect malicious activity with country-based firewall rules that rely on IP addresses).

Recommendations to Businesses

The advisory recommends a number of mitigation strategies that may be useful in defending against attacks based on the above. These include:

  • Using MFA
  • Requiring strong, unique passwords for accounts that cannot use MFA
  • Disabling user and system accounts that are no longer necessary
  • Adopting the principle of least privilege for system and service accounts
  • Deploying "canary" service accounts, which appear to be legitimate, but which are never used by legitimate services, and setting up monitoring and alerting on the accounts should they be used
  • Minimizing session lifetimes for session tokens (balanced against suitable authentication methods taking into account user experience)
  • Only permitting authorized devices to enroll, which may include the use of zero-touch enrollment techniques or the use of strong MFA that is resistant to phishing and prompt bombing attacks
  • Considering a variety of information sources, such as application and host-based logging that may suggest malicious behavior
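
As an added illustration (not part of the advisory or of this article), the sketch below shows how the canary-account, dormant-account and MFA prompt-bombing recommendations can be turned into alerting over sign-in logs. The account names, event names, thresholds and log events are constructed assumptions; the checks key on account behavior rather than source IP, since residential proxies weaken IP-based rules.

```python
from datetime import datetime, timedelta

# All names and thresholds below are assumptions made for this example.
CANARY_ACCOUNTS = {"svc-backup-sync"}   # hypothetical canary service account
DORMANT_AFTER = timedelta(days=90)      # sign-in after this gap counts as dormant
MFA_BURST = 5                           # denied prompts within MFA_WINDOW
MFA_WINDOW = timedelta(minutes=10)

# Constructed sample events: (ISO timestamp, account, event)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "alice", "login_success"),
    ("2024-03-01T09:05:00", "svc-backup-sync", "login_failure"),
    ("2024-03-01T10:00:00", "old-contractor", "login_success"),
    ("2024-03-01T11:00:00", "bob", "mfa_denied"),
    ("2024-03-01T11:01:00", "bob", "mfa_denied"),
    ("2024-03-01T11:02:00", "bob", "mfa_denied"),
    ("2024-03-01T11:03:00", "bob", "mfa_denied"),
    ("2024-03-01T11:04:00", "bob", "mfa_denied"),
    ("2024-03-01T11:06:00", "bob", "device_enrolled"),
]
# Constructed "last successful sign-in" state from before the sample window.
SAMPLE_LAST_SEEN = {
    "alice": datetime(2024, 2, 29, 9, 0),
    "old-contractor": datetime(2023, 8, 1),
    "bob": datetime(2024, 2, 28),
}

def detect(events, last_seen):
    """Return a sorted list of (account, reason) alerts."""
    alerts, denied = set(), {}
    last_seen = dict(last_seen)          # do not mutate the caller's state
    for ts_raw, account, event in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        if account in CANARY_ACCOUNTS:   # any activity at all is suspicious
            alerts.add((account, "canary account used"))
        if event == "login_success":
            prev = last_seen.get(account)
            if prev is not None and ts - prev > DORMANT_AFTER:
                alerts.add((account, "dormant account sign-in"))
            last_seen[account] = ts
        elif event == "mfa_denied":
            recent = [t for t in denied.get(account, []) if ts - t <= MFA_WINDOW]
            denied[account] = recent + [ts]
            if len(denied[account]) >= MFA_BURST:
                alerts.add((account, "MFA prompt burst"))
        elif (event == "device_enrolled" and denied.get(account)
              and ts - denied[account][-1] <= MFA_WINDOW):
            alerts.add((account, "device enrolled after denied MFA prompts"))
    return sorted(alerts)

if __name__ == "__main__":
    for account, reason in detect(SAMPLE_EVENTS, SAMPLE_LAST_SEEN):
        print(f"ALERT {account}: {reason}")
```
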

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
