Critical infrastructure orgs urged to act now to protect systems against Russian hacks

Given the increased risk of malicious cyber operations by Russian state-sponsored and criminal actors since the start of the war in Ukraine, the Australian Cyber Security Centre (ACSC) has released a set of recommendations for critical infrastructure organisations to immediately implement to protect their systems.

As part of its comprehensive view, the ACSC urged local organisations to uplift their cybersecurity posture immediately based on “evolving intelligence” as well as a spate of destructive cyber-attacks prior to the conflict that reveal the potential fallout from and vectors of such an attack.

The jointly released Cybersecurity Advisory (CSA), which brings together cybersecurity authorities from Australia and its international partners the United States, Canada, New Zealand and the United Kingdom, urged organisations to undertake the following actions:

  • Patch all systems, prioritising known exploited vulnerabilities.
  • Enforce multi-factor authentication. The CSA warned that Russian state-sponsored APT actors have demonstrated an ability to exploit default MFA protocols and known vulnerabilities, urging organisations to review their policies to protect against “fail open” and “re-enrollment” scenarios.
  • Secure and monitor remote desktop protocol and other potentially “risky” services. It warned that RDP exploitation remains “one of the top initial infection vectors for ransomware”.
  • Provide end-user awareness and training.

The CSA included details on Russia-aligned cyber hacking groups, some of which have threatened to conduct retaliatory cyber operations for the “unprecedented economic costs imposed on Russia” from Western sanctions, as well as materiel support provided by allied countries to support Ukraine’s resistance.

According to the CSA, cyber intelligence has indicated that the Russian Government has been exploring options to expand its cyber-hacking operations to target critical infrastructure beyond Ukraine, citing previous distributed denial-of-service (DDoS) attacks and destructive malware campaigns against Ukraine’s critical infrastructure.

The ACSC also warned organisations that Russia’s invasion had changed the geopolitical balance which, in turn, could expose organisations to increased malicious cyber activity.

“In particular, critical infrastructure organisations should act now to raise defences, not wait until being attacked,” head of the ACSC Abigail Bradshaw said.

“The ACSC stands ready to support its critical infrastructure partners in responding to the threats we face – by raising their awareness of the threat, sharing indicators of compromise, and providing technical mitigation advice.”