The Russian government is warning the country's agencies of possible cyber attacks that the US may carry out as "retaliation" for the SolarWinds hack. Last month, SolarWinds revealed that it had suffered a "sophisticated" cyber attack, which led to a supply chain attack affecting more than 18,000 of its customers. The US government believes that Russia is behind this attack, aiming to steal cloud data, such as emails and files, from high-profile US companies and government agencies.
White House spokeswoman Jen Psaki said the United States could retaliate for the large-scale attack. Specifically, in her statement to NBC News, she said the following: "We have the right to retaliate in any way we want with any cyber attack carried out either by Russia or any other country."
While Russia continues to deny US allegations of involvement in the SolarWinds breach, Russia's NKTsKI (Russian National Coordination Center for Computer Incidents) has, as first reported by ZDNet, issued a warning to organizations based in Russia, advising them to improve the security of their networks.
The NKTsKI is part of the Federal Security Service (FSB) and was created to detect, prevent and deal with cyber attacks on infrastructure and businesses in the country.
NKTsKI recommends that Russian-based organizations take the following steps to increase the security of their networks and to defend against possible US cyber attacks:
- Update your organization's existing plans and guidelines for dealing with security incidents.
- Inform your employees about possible phishing attacks using social engineering.
- Check network information security and antivirus protection tools, and make sure that all important network nodes are properly configured and operated.
- Avoid using third-party DNS servers.
- Use Multi-Factor Authentication (MFA) to gain remote access to your organization's network.
- Define a list of trusted software allowed to access the corporate network and limit the use of tools that are not included in it.
- Confirm that network and system events are logged correctly on important information infrastructure components, and organize their collection and central storage.
- Make sure you also have the right data backup frequency for important information infrastructure components.
- Ensure that existing policies for differentiating access rights for network devices are correct.
- Restrict access to internal network services through a firewall.
- To work with external resources, including the internet, use terminal access through the organization's internal services.
- Update all users' passwords according to the password policy.
- Provide antivirus protection for incoming and outgoing emails.
- Monitor system security with increased vigilance.
- Make sure you have the necessary security updates for your software.
It is worth noting that, in the past, the US has avoided public retaliation against other countries that have carried out cyber attacks against it. However, according to BleepingComputer, a possible future US retaliation, whether against Russia or another country, may not come to light.