===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0072
 President Biden warns of possible escalation of cyber attacks from Russia
                               23 March 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:    Potential Cyberattacks
Resolution: Mitigation

OVERVIEW

        What's happening?
        
        On 21 March 2022 the US President released a statement warning of possible escalation of cyber attacks from Russian threat actors.
        


IMPACT

        Be alert, but not alarmed.

        
        SANS released a detailed blog which may assist you with this [1].
        
        
        The main points from the SANS article are: 
        1. Now is not the time to rush into blocking all traffic from Russia, or implementing security controls in a short period of time. Instead, attempt
           to reduce the workload of teams who may be called upon should an attack actually occur, so they will be prepared to respond.
 
        2. Communicate with your leadership team. Inform them that yes, world events can impact your local domain; however, as long as existing (tested,
           hopefully!) controls are in line with the risk appetite of the organisation, and you have good visibility of your vulnerabilities, these events
           are manageable. This may start additional discussions - opportunities to seek additional funding to test controls or implement new ones (in a
           controlled manner, noting point 1 above). The White House "fact sheet" may help with this [3].
             
        3. Trust your team, rather than adding work by searching for things that may not even exist. Your internal CSOC, Infrastructure, Network and Service            
           Desk Teams are all excellent "intrusion detection systems" powered by humans. 
        


MITIGATION

        Review and act accordingly.
        
        What is AusCERT doing? 

        1. As we uncover tactical information such as indicators of compromise from phishing and malware attacks, these are added to the CAUDIT (AHECS) ISAC            
           MISP. You can retrieve this information via the automated API method or by logging in to the GUI and viewing events.
 
        2. AusCERT's ADIR (Daily Intel Report) contains news articles which inform about current events.

        3. We'll continue to provide incident response and advice, such as the excellent, detailed network security guide released this month by the NSA [2].
 
        4. Those utilising the AARNet SOC have this additional layer of protection.  


REFERENCES

        [1] Statement by President Biden: What you need to do (or not do)
            https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/

        [2] National Security Agency Cybersecurity Technical Report
            https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF

        [3] FACT SHEET: Act Now to Protect Against Potential Cyberattacks
            https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/fact-sheet-act-now-to-protect-against-potential-cyberattacks/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================