What organizations can do now
First and foremost, organizations should immediately adopt a heightened cybersecurity posture. Verifying that security fundamentals are in place is essential to a strong cybersecurity posture.
The Shields Up advisory lists several proactive actions organizations can take, including:
Organizations can also determine their visible internet attack surface by reviewing results from web search platforms. See CISA’s Get Your Stuff Off Search page for guidance.
In terms of communications, staff should be extra cautious and aware of a possible increase in phishing attacks when reviewing emails:
- Double-check sender addresses.
- Do not click on any links, scan QR codes, or open attachments that seem suspicious or unexpected.
- Report suspected phishing to security or IT teams.
- See CISA’s phishing tip sheet for more information.
Conducting tabletop testing and performing ransomware simulation exercises can help organizations evaluate their readiness for a potential ransomware attack.
Organizations should alert staff to possible phishing threats. Suggested email content could include the following:
In response to the continuing escalation among Russia, Ukraine, and North Atlantic Treaty Organization allies, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recommends that U.S. organizations adopt a heightened cybersecurity posture. In both its advisory and alert, CISA describes the potential for the Russian government to consider escalating its destabilizing actions, such as cyberattacks on gas pipelines and other utilities as well as targeted cyberattacks on companies to disrupt commerce, health services, and other critical infrastructure.
Please be extra cautious and aware of possible phishing attacks when reviewing emails, double-check sender addresses, and do not click any links or attachments that seem suspicious or unexpected, including scanning QR codes from unknown sources. Please report as phishing to continue to build our defenses.
What to do in the event of a cyberattack
All organizations should report incidents and anomalous activity to CISA and/or the Federal Bureau of Investigation (FBI) via the local FBI field office or the FBI’s 24/7 CyWatch at +1 855 292 3937 or [email protected].