-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
President Biden warns of possible escalation of cyber attacks from Russia
23 March 2022
AusCERT Security Bulletin Summary
Product: Potential Cyberattacks
On 21 March 2022 the US President released a statement warning of possible escalation of cyber attacks from Russian threat actors.
Be alert, but not alarmed.
SANS released a detailed blog which may assist you with this.
The main points from the SANS article are:
1. Now is not the time to rush into blocking all traffic from Russia, or implementing security controls in a short period of time. Instead, attempt
to reduce the workload of teams who may be called upon should an attack actually occur, so they will be prepared to respond.
2. Communicate with your leadership team. Inform them that yes, world events can impact your local domain; however, as long as existing (tested,
hopefully!) controls are in line with the risk appetite of the organisation, and you have good visibility of your vulnerabilities, these events
are manageable. This may start additional discussions - opportunities to seek additional funding to test controls or implement new ones (in a
controlled manner, noting point 1 above). The White House "fact sheet" may help with this.
3. Trust your team, rather than adding work by searching for things that may not even exist. Your internal CSOC, Infrastructure, Network and Service
Desk Teams are all excellent "intrusion detection systems" powered by humans.
Review and act accordingly.
What is AusCERT doing?
1. As we uncover tactical information such as indicators of compromise from phishing and malware attacks, these are added to the CAUDIT (AHECS) ISAC
MISP. You can retrieve this information via the automated API method or by logging in to the GUI and viewing events.
2. AusCERT's ADIR (Daily Intel Report) contains news articles which inform about current events.
3. We'll continue to provide incident response and advice, such as the excellent, detailed network security guide released this month by the NSA.
4. Those utilising the AARNet SOC have this additional layer of protection.
 Statement by President Biden: What you need to do (or not do)
 National Security Agency Cybersecurity Technical Report
 FACT SHEET: Act Now to Protect Against Potential Cyberattacks
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----