See below:
The National Security Agency, along with CISA, the FBI and the National Cyber Security Centre, has released the joint advisory “Russian GRU conducting global brute force campaigns to compromise enterprise and cloud environments.” In response, experts with Gurucul and YouAttest offer perspective.
Saryu Nayyar, CEO, Gurucul (she/her):
“A growing number of ransomware attacks against infrastructure and critical industries, especially those suspected of state sponsorship and involvement, are prompting calls for an international agreement limiting the use of such ‘cyber warfare’ tactics.
“While such an agreement would be difficult to achieve, it is worthwhile for everyone to try to work toward this goal. Ransomware and other types of cyber warfare can cause irreparable harm to critical infrastructures, and lead to an escalating level of counterattacks, even if the actual perpetrators are not clearly apparent.
“A key aspect of any such cyber agreement is enforcement. Attacks aren’t easily detected early enough to prevent, and once perpetrated, leave the victim at the mercy of the attacker. By monitoring the thousands of potential security events to identify anomalies, governments and infrastructure providers can take action to stop an attack before it causes real damage.”
Garret Grajek, CEO, YouAttest:
“It’s heartening to know that the officials at the top of the western nations are finally taking this seriously. But one has to think that the cat is out of the bag. The malicious actors have learned that there is a high return on a low investment in international hacking. Most feel these organizations have profited so much from their ransomware attacks they have been able to buy political protection - at least up till now.
“Nothing has changed. The onus of cyber security is still on the enterprise - especially since most of the government proposals come in the form of fining businesses for not conducting proper cyber security practices. Enterprises should start with the basics, especially around access and the question of "who has what" - and be alerted on identity privilege changes and change attempts, which are often an unheard first alert to an attack.”
The above was shared by Maureen MacGregor.