- The Biden administration reiterated calls for private industries and other organizations to prepare for a possible Labor Day cyberattack, leading Anne Neuberger, deputy national security advisor for cyber and emerging technologies, to address the issue Thursday from the White House briefing room.
- "To be clear, we have no specific threat information or information regarding attacks this weekend, but what we do have is history," Neuberger said. "And in the past, over holiday weekends, attackers have sometimes focused on security operations centers that may be understaffed, or a sense that there are fewer key personnel on duty as they may be on vacation."
- The FBI meanwhile issued an alert to companies in the food and agricultural industry of a possible attack against U.S. food processing and agricultural companies, citing a series of attacks against the industry, including the JBS USA attack.
Neuberger's remarks come just after federal security agencies sent out a warning urging vigilance ahead of Labor Day. The FBI and the Cybersecurity and Infrastructure Security Agency on Wednesday warned that the extended weekend posed a risk for possible ransomware or other malign activity.
The agencies noted a pattern of recent attacks, including the attacks on meatpacker JBS USA over the Memorial Day weekend and IT monitoring provider Kaseya over the Fourth of July weekend.
In particular, Neuberger raised concerns about operators in critical infrastructure sectors to make sure they were alert to potential vulnerabilities.
Companies need to make sure patches are up to date, employees use strong passwords, and key personnel should immediately update their passwords, Neuberger said. In addition, companies need to employ multifactor authentication, particularly IT staff and key personnel.
Organizations should also create offline data backups, engage in proactive threat hunting and beware of phishing attempts, she said.
The warnings for the agriculture sector come as critical infrastructure has seen an uptick in attacks this year.The FBI alert noted a July attack on a U.S. bakery company by Sodinokibi/REvil that forced the firm to shut down for a week after software used by a managed service provider was compromised.
The notice also cited a January attack against a U.S. farm that had to temporarily shut down and resulted in $9 million in losses. The unknown threat actor gained access to the company systems using compromised credentials to gain administrator level access, according to the alert.
The alert comes just weeks after a researcher, speaking during the DefCon security conference, disclosed vulnerabilities in John Deere equipment that could allow an attacker to access database information or engage in malicious activity. A spokesperson for John Deere could not be immediately reached.
The original FBI/CISA warning highlighted that companies are increasingly using remote desktop tools to gain visibility into environments due to COVID-19 protocols, and cybercriminals are taking advantage of that technology to gain entry into IT systems with malicious intent.
"For the weekend and into the future, RDP warrants further attention from security operations," Jeff Barker, VP of cybersecurity at Illusive said. "The prominence of RDP in use for remote management has only increased with the Covid-driven hybrid workforce, and if not managed properly increases security risks for most organizations."
Paul Furtado, senior director at Gartner, said the alerts from the administration will help make the public more aware of the heightened ransomware threat, but warned organizations that “if you are waiting on the government to run your security department, you are already in a losing battle.”
Threat actors usually wait until after hours to target unsuspecting enterprise targets, but experienced security professionals already know those tendencies and companies have been reviewing their backup and data encryption for months.
Neuberger was asked by reporters whether the Russians have taken any action to crack down on ransomware gangs since President Biden met with President Vladimir Putin and Neuberger said that discussions were ongoing on that subject, but emphasized that Biden is "looking for action with regard to addressing cyber activity."