CyberWire Daily - CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]
Episode Date: March 3, 2023The Cybersecurity and Infrastructure Security Agency is releasing this Cybersecurity Advisory detailing activity and key findings from a recent CISA red team assessment—in coordination with the asse...ssed organization—to provide network defenders recommendations for improving their organization's cyber posture. AA23-059A Alert, Technical Details, and Mitigations No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. Alpha. Original release date, February 28, 2023.
In 2022, CISA conducted a red team assessment at the request of a large critical infrastructure organization with multiple geographically separated sites. The team gained persistent
access to the organization's network, moved laterally across the organization's multiple
geographically separated sites, and eventually gained access to systems adjacent to the organization's network, moved laterally across the organization's multiple geographically separated sites, and eventually gained access to systems adjacent to the organization's sensitive
business systems. Multi-factor authentication prompts prevented the team from achieving
success to one sensitive system, and the team was unable to complete its viable plan to compromise
a second sensitive system within the assessment period. Despite having a mature cyber posture,
the organization did not detect the Red Team's activity
throughout the assessment,
including when the team attempted to trigger a security response.
CISA is releasing this advisory
detailing the Red Team's tactics, techniques, and procedures
and key findings
to provide network defenders of critical infrastructure organizations
proactive steps to reduce the threat of similar activity from malicious actors.
This advisory highlights the importance of collecting and monitoring logs
for unusual activity and continuous testing and exercises
regardless of the maturity of your cyber posture.
The advisory documentation listed in the show notes
includes additional technical details, TTPs,
and a complete outline of the Red Team exercise with a MITRE attack mapping. CISA encourages critical infrastructure
organizations to apply the recommendations in the mitigation section of this advisory
to ensure security processes and procedures are up to date, effective, and enable timely
detection and mitigation of malicious activity. To report incidents and anomalous activity or
to request incident response resources
or technical assistance,
contact CISA at report at cisa.gov,
call 888-282-0870
or report incidents to your local FBI field office.
This report was written by CISA,
the United States Cybersecurity
and Infrastructure Security Agency,
and edited and adapted for audio
by the Cyber Wire as a public service.
Please visit www.cisa.gov to read the full report,
which may include additional details, links, and illustrations.
A link to this report can be found in the show notes.
This has been a CISA Cybersecurity Alert.