While there are no current specific credible threats to the U.S. homeland, current geopolitical activities have highlighted the importance of staying vigilant and taking appropriate steps to reduce vulnerabilities whenever possible. With that said, below are some resources CISA would like to highlight.
CISA Shields Up Website
Shields Up | CISA
This page consolidates CISA’s published resources on cyber threats related to the current geopolitical tensions. It is designed to help critical infrastructure owners and operators mitigate possible cyber threats and strengthen their cybersecurity posture.
Alert (AA22-057): Destructive Malware Targeting Organizations in Ukraine
Destructive Malware Targeting Organizations in Ukraine | CISA
A joint advisory from CISA and the FBI that provides information on the WhisperGate and HermeticWiper malware, along with open-source indicators of compromise (IOCs) that organizations can use to detect and prevent the malware. Additionally, this joint CSA provides recommended guidance and considerations for organizations to address as part of network architecture, security baseline, continuous monitoring, and incident response practices.
Alert (AA22-054A): New Sandworm Malware Cyclops Blink Replaces VPNFilter
New Sandworm Malware Cyclops Blink Replaces VPNFilter | CISA
A joint cybersecurity advisory with the U.K. National Cyber Security Centre (NCSC), FBI, and NSA about the Cyclops Blink malware used by the threat actor known as Sandworm or Voodoo Bear. Sandworm has been previously attributed to Russian actors. Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home routers and network attached storage devices.
MIS, DIS, MALINFORMATION - MDM | CISA
Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure
Malicious actors use influence operations, including tactics like misinformation, disinformation, and malinformation (MDM), to shape public opinion, undermine trust, amplify division, and sow discord.
This CISA Insights product is intended to ensure that critical infrastructure owners and operators are aware of the risks of influence operations leveraging social media and online platforms.
Alert (AA22-047A): Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology | CISA
A joint cybersecurity advisory with the FBI and the NSA about Russian state-sponsored cyber actors targeting cleared defense contractors in the United States; includes detection and mitigation recommendations to reduce the risk of data exfiltration.
CISA Insights (2022)
CISA Insights | CISA
Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats - An executive-level product that recommends urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise. Other published CISA Insights are also available on this page.
Alert (AA22-011A): Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure | CISA
A joint cybersecurity advisory with the FBI and NSA about the Russian threat to critical infrastructure, including specific tactics, techniques, and procedures associated with Russian actors.
Known Exploited Vulnerabilities Catalog
Known Exploited Vulnerabilities Catalog | CISA
A living list of vulnerabilities that are known to have been exploited. It was recently updated to include CVE-2022-23131 Zabbix Frontend Authentication Bypass Vulnerability and CVE-2022-23134 Zabbix Frontend Improper Access Control Vulnerability.
CISA Catalog of Free Cybersecurity Services and Tools
Free Cybersecurity Services and Tools | CISA
A list of CISA services, non-proprietary software tools available online, and free services offered by trusted private sector partners.
CISA Cyber Resource Hub
Cyber Resource Hub | CISA
A comprehensive list of the no-cost cybersecurity assessments CISA offers upon request to help organizations evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework.
Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC)
Funded by CISA, the MS-ISAC and EI-ISAC serve as no-cost resources for situational awareness, best practices, information sharing, and incident response for SLTT government entities. Register now for the MS-ISAC (https://learn.cisecurity.org/ms-isac-registration) and the EI-ISAC (https://learn.cisecurity.org/ei-isac-registration).
Malicious Domain Blocking and Reporting
Malicious Domain Blocking and Reporting (MDBR) (cisecurity.org)
A no-cost protective Domain Name System (DNS) resolver service provided by the MS-ISAC and funded by CISA; blocks malicious DNS requests while keeping state and local partners informed through regular reports.
Endpoint Detection and Response
Election Security Spotlight – Endpoint Detection and Response (EDR) (cisecurity.org)
A service provided by the MS-ISAC and funded by CISA to help SLTT entities involved in managing elections maintain awareness of and isolate malicious activity that may be impacting workstations, servers, and other network endpoints, including malware and ransomware. This program is currently only available to SLTT election organizations.
Real-Time Indicator Feeds
Real-Time Indicator Feeds (cisecurity.org)
An MS-ISAC service, funded by CISA, that delivers real-time cyber threat intelligence indicator feeds which are easy to implement and available for free to SLTT entities.
In the event of a cyber incident, CISA may be able to offer assistance to victim organizations and use information from incident reports to protect other possible victims. CISA urges stakeholders to lower their thresholds for reporting potential incidents and anomalous activity.
All organizations should report incidents and anomalous activity to CISA via 24/7 CISA Central (email@example.com; (888) 282-0870) or your local field personnel (Cybersecurity Advisors, Protective Security Advisors, Emergency Communications Coordinator, etc.). You can also report incidents and anomalies to our partners at the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 and CyWatch@fbi.gov.
The current geopolitical activities are fluid and subject to change. We will continue to provide information as it becomes available.
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell: 217-299-3954 | firstname.lastname@example.org