Current heightened cyber threat – April 2022
Please be advised the NCSC in conjunction with U.S., Australian, Canadian, and New Zealand cyber authorities have released a joint Cybersecurity Alert (CSA). This provides an overview of specific threat groups, attributed objectives, techniques, and prior malicious activities relevant to ongoing global activities.
The joint alert additionally provides an overview of priority defence and mitigation steps organisations should take. This also includes guidance around preparing for and responding to various potential Cyber Incidents.
Aspects of this latest advice have been covered previously, however CSA AA22-110A defines further guidance based upon specific threat intelligence, applicable to a wide array of organisations.
NCSC have summarised “Several immediate actions for all organisations to take” as:
- prioritising the patching of known exploited vulnerabilities
- enforcing multi-factor authentication (MFA)
- monitoring remote desktop protocol (RDP) and
- providing end-user awareness and training
AA22-110A contains additional details beyond the above, focusing on defence and response that organisations are being urged to understand and utilise.
Please refer to the information provided within AA22-110A, further resources and references have been provided including how to report a significant cybersecurity incident within the UK.
UK joins international partners to issue advice on latest Russian cyber threat
If you have any concerns or would like assistance relating to this information, please contact Daisy via our Service Desk team on 0330 024 3333 or our Customer Portal.
Daisy continues to proactively review and act upon updates from multiple cyber-security sources, including the UK’s National Cyber Security Centre (NCSC), US Government’s Cybersecurity & Infrastructure Security Agency (CISA), and cyber security operations centres of our major vendors and partners including Microsoft and Cisco.
We fully support, and are actively following, the NCSC’s guidance that all organisations should review their cyber security posture and ensure it is as robust as possible.
NCSC advises organisations to act following Russia’s… – NCSC.GOV.UK
To protect ourselves and our customers, Daisy has ensured these key elements of security have been scrutinised and affirmed, and urge all organisations to do the same;
- Review access methods
- Verify access controls are in-place such as Multifactor Authentication (MFA) and review existing access to help reduce your overall attack surface. This should include all accounts with a focus on any with sensitive, or elevated privileges.
- Consider your potential exposure to third parties and supply chain risks and include these in any access review processes.
- Consider the retention and verbosity of logging mechanisms, ensure key systems are monitored and logging systems are adequately protected.
- Update software, systems, and devices
- CISA provide information relating to priority vulnerabilities that are known to be associated with Russian state-sponsored attackers: https://www.cisa.gov/uscert/ncas/alerts/aa22-011a.
- Ensure user systems and software is regularly updated and follows good cyber hygiene protocols. If possible review and implement secure configurations to these devices. NCSC provide valuable guidance on many common device types: https://www.ncsc.gov.uk/collection/device-security-guidance/platform-guides
- Employing a vulnerability management programme will help to establish goals, and understand where systems are most at risk, see the NCSC’s guidance: Vulnerability management.
- Protect internet accessible resources
- Test your external exposure with perimeter-based vulnerability scanning, and firewall rule reviews. Daisy encourage utilisation of NCSC’s Early Warning Service that is open to all UK organisations who hold a static IP address or domain name.
- Confirm defence and response mechanisms
- Anti-virus and detection capabilities should be in-place, updating with latest intelligence feeds, and reviewed for compliance status.
- Follow the “3-2-1” rule for backups and ensure recovery processes are tested and validated.
- Protecting users from phishing attacks by enabling spam filters is critical, as this is one of the leading causes of compromise. Ensuring users understand how to respond and report any identified attempts is equally important.
It is crucial to understand that there is great potential for the most determined of adversaries to bypass or exploit systems despite best efforts. We must however ensure that no vulnerable, exposed, or easily exploitable systems are available to compromise. Providing well established defences are in place, risk associated with malicious actors can be significantly reduced.
Daisy will continue to monitor the latest advice from official sources and update our notifications portal as appropriate.
If you require assistance or assurance in your efforts to secure your organisation, or would like to discuss further advice, please contact Daisy via our Service Desk team on 0330 024 3333 or our Customer Portal.
The National Cyber Security Centre (NCSC) have reiterated the need for UK organisations to bolster their online defences in response to the current situation in Ukraine.
Daisy continues to follow the published guidance and is monitoring the cyber-attack campaigns aimed at Ukrainian organisations and critical infrastructure to assess the consequences.
We will provide further updates as the situation develops.
Latest NCSC News Item:
https://www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences
NCSC Cyber Threats Advice & guidance collection:
https://www.ncsc.gov.uk/section/advice-guidance/all-topics?topics=Cyber%20threat&sort=date%2Bdesc
Daisy are aware of the current heightened cyber threat, in particular the increased globalised threat of ransomware.
We are following current NCSC guidance relating to cyber security resilience and encourage our customers and suppliers to do the same.
By subscribing to industry, vendor and specialised threat feeds (including the NCSC Early Warning Service and Cyber Information Sharing Partnership), we are able to monitor the changing threat landscape and prepare to respond as required.
Further NCSC guidance can be found here:
Joint advisory highlights increased globalised threat of ransomware:
https://www.ncsc.gov.uk/news/joint-advisory-highlights-increased-globalised-threat-of-ransomware
UK organisations encouraged to take action in response to current situation in and around Ukraine:
https://www.ncsc.gov.uk/news/uk-organisations-encouraged-to-take-action-around-ukraine-situation
Actions to take when the cyber threat is heightened:
https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened