
The Department of Homeland Security (“DHS”) and the National Cybersecurity and Communications Integration Center (“NCCIC”) joined together to host an unclassified webinar briefing on Russian government cyber activity against critical infrastructure. The webinar series is offered in response to Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. The webinar presentation included an overview of recent attacks and various common techniques used to infiltrate targets.

The presentation focused on the penetration of corporate networks and the targeting of control systems. NCCIC emphasized that threat actors will often first attack a “staged target” that has a preexisting relationship with the “intended target.” This strategy lays the groundwork for sending phishing emails that appear to come from a trusted source but actually contain malware. If recipients are not careful, clicking on links or opening attachments in these emails can give threat actors access to credentials that could open the entire corporation, along with its customers, to a cyberattack.

NCCIC provided recommendations on protective measures that all corporations should undertake. First, corporations should conduct an initial triage of their systems and practices, including searching for known indicators in their historical logs. NCCIC also emphasized that corporations should not whitelist network traffic with any trusted partners, because a partner may itself be a staged target. Second, corporations must continue to monitor their systems and anticipate so-called spearphishing and watering hole attempts. Finally, NCCIC recommended blocking all external Server Message Block (“SMB”) network traffic as well as requiring multi-factor authentication for all external interfaces. NCCIC also reemphasized that it can be contacted by any entity that has questions or would like to receive an analysis of its current system. NCCIC can be contacted by email or at 1-888-282-0870.
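As an illustration of the triage and SMB recommendations above, the following added example (not part of the NCCIC presentation) scans historical flow records for SMB traffic that crosses the network perimeter, without exempting trusted partners. The log format, the internal address ranges and the function names are assumptions made for the example, and the sample records are constructed.

```python
import ipaddress

# SMB over TCP 445, plus the legacy NetBIOS ports SMB can also use.
SMB_PORTS = {("tcp", 445), ("tcp", 139), ("udp", 137), ("udp", 138)}

# Assumed internal address space; replace with the organization's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: time, source, destination, protocol, port, action.
SAMPLE_LOG = """\
2018-03-20T09:14:02Z 10.1.4.23 10.1.9.5 tcp 445 allow
2018-03-20T09:14:07Z 10.1.4.23 203.0.113.40 tcp 445 allow
2018-03-20T09:15:11Z 198.51.100.7 10.1.2.10 tcp 139 deny
2018-03-20T09:16:30Z 10.1.7.8 192.0.2.55 tcp 443 allow
2018-03-20T09:17:45Z 10.1.4.99 192.0.2.55 udp 137 allow
malformed line
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def external_smb_flows(log_text):
    """Return SMB flows that cross the perimeter in either direction.

    No partner allowlist is consulted: a trusted partner may be a staged target.
    """
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip records that do not match the assumed format
        ts, src, dst, proto, dport, action = parts
        try:
            crosses = is_internal(src) != is_internal(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if crosses and (proto.lower(), port) in SMB_PORTS:
            direction = "outbound" if is_internal(src) else "inbound"
            findings.append({"time": ts, "src": src, "dst": dst, "port": port,
                             "direction": direction, "action": action})
    return findings

def allowed_external_smb(log_text):
    """Perimeter-crossing SMB flows that were permitted rather than blocked."""
    return [f for f in external_smb_flows(log_text) if f["action"] == "allow"]
```

Any record returned by `allowed_external_smb` is a flow that a perimeter rule blocking external SMB would have stopped, and is a starting point for reviewing historical logs.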

A copy of the presentation can be found here: https://www.us-cert.gov/sites/default/files/c3vp/Russian_Activity_Webinar_Slides.pdf

For more information, please contact Kristen Connolly McCullough or Sean Neal.