Russian American cyberattack

The Russian government has issued a security warning to organizations in Russia about possible retaliatory cyberattacks by the USA for the SolarWinds breach.

Last month, the SolarWinds network management company disclosed that they suffered a sophisticated cyberattack that led to a supply chain attack affecting 18,000 customers.

The US government believes that this attack was conducted by a Russian state-sponsored hacking group whose goal was to steal cloud data such as email and files from high profile US corporations and government agencies.

In response to questions about the cyberattack, White House press secretary Jen Psaki indicated that the USA might retaliate in kind against whoever conducted the attacks.

"We reserve the right to respond at a time and in a manner of our choosing to any cyberattack. But our team is, of course, just getting on the ground today, they're just getting onto their computers," NBC News reported.

While Russia has continued to deny its involvement in the attacks, as first reported by ZDNet, Russia's NKTsKI issued a warning to Russian organizations to improve their networks' security.

"In the face of constant accusations of involvement in organizing computer attacks against the Russian Federation by representatives of the United States and their allies, as well as threats from their side of 'retaliatory' attacks on critical information infrastructure facilities of the Russian Federation, we recommend taking the following measures to improve the security of information resources," translates NKTsKI's ALRT-20210121.1 security warning.

Russia's National Coordination Center for Computer Incidents (NKTsKI) is part of the Federal Security Service (FSB) and was created to detect, prevent, and counter cyberattacks on the country's infrastructure and businesses.

In an alert translated as "On the threat of targeted computer attacks," the NKTsKI warns Russian organizations and agencies to perform the following steps to increase network security.

  1. Update your organization's existing plans, instructions and guidelines for responding to computer incidents.
  2. Inform employees about possible phishing attacks using social engineering.
  3. Conduct an audit of network information security and anti-virus tools, and make sure they are correctly set up and functioning on all significant network nodes.
  4. Avoid using third-party DNS servers.
  5. Use multi-factor authentication to remotely access your organization's network.
  6. Determine the list of trusted software for access to the corporate network and limit the use of tools not included in it.
  7. Ensure correct logging of network and system events on important elements of the information infrastructure, and organize their collection and centralized storage.
  8. Make sure that backups of data for important elements of the information infrastructure exist and are made at the correct frequency.
  9. Make sure that the existing policies for differentiating access rights for devices on the network are correct.
  10. Restrict access to services on the internal network by means of firewalls, and if you need to share them, do so through a demilitarized zone.
  11. To work with external resources, including the Internet, use terminal access via internal services of the organization.
  12. Update the passwords of all users according to the password policy.
  13. Provide anti-virus protection for incoming and outgoing e-mail.
  14. Monitor system security with increased vigilance.
  15. Make sure you have the necessary security updates for your software.

In the past, the USA has avoided public retaliation against other countries that conducted cyberattacks against the USA.

If retaliatory attacks by the US occur, they will likely not be publicly disclosed.

A month later, the USA and affected organizations are still investigating and responding to the SolarWinds supply chain attack. Just this week, Malwarebytes disclosed that the same group behind the SolarWinds breach also gained access to their internal Office 365 email accounts.

We can expect to see further disclosure from US organizations in the future as investigations continue.
