Shields Up: Understanding Guidance From the Biden Administration About Possible Russian Cyberattacks
On Monday March 21, the Biden Administration released several statements stressing the importance of cybersecurity, warning the private sector of potential malicious cyber activity from Russia. Biden implored companies to “harden your cyber defenses immediately” and explicitly named CISA’s Shields Up campaign as the best way to do so.
This announcement, which comes smack in the middle of Russia’s ongoing invasion of Ukraine, also follows an announcement from CISA warning that organizations outside of Ukraine could get caught in the crosshairs of Russian Advanced Persistent Threat (APT) groups.
CISA’s Shields Up Campaign
Created in response to Russia’s invasion of Ukraine, Shields Up provides organizations resources and recommended actions to heighten their security posture. Some of those actions include:
- Ensuring that software is up to date, prioritizing issues contained in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
- Taking steps to identify threats, including monitoring Russian threat actors and Ukrainian organizations.
In addition, the White House also encourages organizations to:
- Deploy modern security tools to continuously look for and mitigate threats
- Shift security left during development
- Take responsibility for all code used in their products, including open source code
- Create a Software Bill of Materials (SBOM).
Expecting enterprises to track vulnerabilities in open source code is a significant ask. While May’s Executive Order made SBOMs a requirement for federal agencies, equal headway has not been made in the private sector. Looking back, Log4Shell took a considerable amount of time to patch, and most of this was due to vendors releasing confusing advisories, since they didn’t know whether their own products relied on affected versions of the log4j library.
All of this highlights the importance of better data. To shift security left, keep software up to date, and continuously monitor for threat actors, organizations need comprehensive intelligence.
Proactively reduce the likelihood of cyber intrusions
Flashpoint threat and vulnerability intelligence not only helps organizations comply with Shields Up, but also enables them to be proactive in managing risk.
Take steps to quickly detect a potential intrusion
The Flashpoint Intelligence Platform, as well as our Compromised Credentials Monitoring and Domain Monitoring solutions, help organizations become aware of potential attack vectors before threat actors have an opportunity to capitalize.
Threat actors are always looking for ways inside the organization and Flashpoint provides teams the tools to take action by eliminating the threat that leaked credentials and other phishing activity pose. With over 38 billion compromised credentials in our data collections, organizations can understand their exposure to risk while gaining the context they need about threat actor groups that may attempt to gain access to their systems.
Ensure that systems are protected against vulnerabilities to prevent ransomware attacks
Vulnerability management is a critical piece of Shields Up, as well as the Biden administration’s overall efforts to strengthen the nation’s cybersecurity defenses. Security teams should be using the Known Exploited Vulnerabilities catalog to assist prioritization. However, there are issues that organizations should be aware of:
- Several KEV entries are in RESERVED status or are undergoing reanalysis, meaning that they are likely inaccurate.
- Missing vulnerability metadata can prevent organizations from completing CISA’s remediation timelines.
- The KEV Catalog and CVE/NVD lack Open Source Software vulnerability coverage.
Flashpoint covers over 283,000 vulnerabilities, including over 92,000 not found in the public source. Each entry is standardized and up to date, containing critical metadata such as solution information, which allows organizations to fast-track remediation and safeguard their systems from increasing ransomware attacks.
To help organizations shift security left, Flashpoint also monitors and tracks thousands of third-party libraries and dependencies. And with Flashpoint serving as the single source of information, every security team and developer can ensure that their systems and applications are protected.
Maximize the organization’s resilience
Combining Flashpoint’s vulnerability and threat intelligence capabilities allows organizations to bolster their resilience. Now that we’ve joined forces with Risk Based Security, Flashpoint is the only security company that can provide organizations with a complete picture of risk.
Flashpoint’s suite of products enables organizations to see their exposure to exploitable vulnerabilities and supply chain weaknesses in near real-time, while also learning which threat actors plan to use them and how. Using this information, enterprises can prioritize and remediate potential threats.
Implement CISA’s Shields Up recommendations with Flashpoint
Flashpoint has been monitoring the Ukraine-Russia war closely, and we have been giving organizations free access to our collection of intelligence reports regarding Russia’s involvement. Sign up for a free trial today and enhance your vulnerability and threat intelligence capabilities.