Recommendations from the Cyber Centre

The Canadian Centre for Cyber Security (CCCS) monitors the cyber threat environment in Canada and globally.

Last week, they published a bulletin to remind the cybersecurity community to raise awareness about Russian-backed cyber threat activity.

They shared a set of recommended proactive network monitoring measures and mitigations for Canadian organizations.

Be ready to isolate components

  1. Consider which components of your system would be attractive to disrupt.
  2. Be prepared to isolate components and services, both from the internet and from internal networks.

Increase organizational vigilance

  1. Spearphishing campaigns are getting increasingly sophisticated. Equip yourself to detect them and manage their impact.
  2. Monitor your networks with a focus on the TTPs reported in the CISA advisory.
  3. Make sure IT teams focus their cybersecurity efforts on identifying and quickly assessing unexpected or unusual network behavior.

Enhance your security posture

  1. Patch your systems, with a focus on the vulnerabilities in the CISA advisory.
  2. Enable logging and backups.
  3. Deploy network and endpoint monitoring.
  4. Implement multifactor authentication where appropriate.
  5. Create and test offline backups.
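Item 5 says to test offline backups, not just create them. As an added illustration (not code from the Cyber Centre bulletin), the script below shows one way to do that: record a SHA-256 manifest when the backup is taken, then restore the backup to a scratch location and compare it against the manifest. The directory names and file contents are constructed for the demonstration; the tampered second run shows what a failed restore test looks like, with a changed file and a missing file both reported.

```python
"""Added example: build an integrity manifest for a backup set and run a
test restore against it.  Not part of the Cyber Centre bulletin; the file
names, paths and contents below are constructed for the demonstration."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file (POSIX path relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_against_manifest(root: Path, manifest: dict) -> dict:
    """Compare a directory tree with a saved manifest.

    Returns the files that are missing, whose contents changed, or that
    appeared without being in the manifest.  All three lists empty means
    the copy is byte-for-byte what was backed up.
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(k for k in manifest
                          if k in current and current[k] != manifest[k]),
        "extra": sorted(set(current) - set(manifest)),
    }


def restore_and_verify(backup_dir: Path, manifest: dict, restore_dir: Path) -> dict:
    """Restore the backup to a scratch location and verify the result.

    A backup that has never been restored is an assumption, not a backup:
    this exercises the restore path end to end and reports discrepancies.
    """
    shutil.copytree(backup_dir, restore_dir, dirs_exist_ok=True)
    return verify_against_manifest(restore_dir, manifest)


def demo() -> dict:
    """Constructed scenario: back up a small tree, then run a clean test
    restore and one where the backup copy was silently altered."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "source"
        (source / "config").mkdir(parents=True)
        (source / "config" / "app.yaml").write_text("listen: 127.0.0.1\n")
        (source / "data.db").write_bytes(b"\x00" * 1024)

        # Take the backup and record the manifest alongside it.
        backup = tmp / "backup"
        shutil.copytree(source, backup)
        manifest = build_manifest(source)
        (tmp / "manifest.json").write_text(json.dumps(manifest, indent=2))

        # Clean test restore: nothing missing, changed, or extra.
        clean = restore_and_verify(backup, manifest, tmp / "restore_clean")

        # Simulate a damaged backup copy (bit rot, or an attacker reaching the
        # backup share) and show that the test restore catches both problems.
        (backup / "config" / "app.yaml").write_text("listen: 0.0.0.0\n")
        (backup / "data.db").unlink()
        bad = restore_and_verify(backup, manifest, tmp / "restore_bad")

        return {"clean": clean, "bad": bad}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest should be stored somewhere the backup media cannot overwrite it (an "offline" backup is only as trustworthy as the reference you check it against), and the restore test is worth scheduling rather than running once.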

Have a cyber incident response plan

  1. Plan for the continuity of operations.
  2. Plan for emergency communications.

Inform the Cyber Centre of suspicious or malicious cyber activity

You can report information to the Cyber Centre to help them provide advice, guidance, and services.

They will ask you when the event happened, when you made the discovery, what was affected, what was the impact, and if the situation is under control.

You will then categorize the event under 1 of 7 categories.

Actions:

  • Denial of service - Attacks that prevent the use of networks, systems, or applications by exhausting resources or making services unavailable.
  • Social engineering - Tricking people into misbehaving or divulging secrets, using knowledge of human behaviour.
  • Improper usage - Conduct that violates IT security or other policies, or that impacts the confidentiality, integrity, or availability of computing resources.

Results:

  • Unauthorized access - Someone accessing a system or information without authorization.
  • Identified vulnerability - Flaws that could be exploited by attackers.
  • Information breach - Disclosure of sensitive data outside of its security classification or need-to-know.
  • Malicious code - Code meant to disrupt the confidentiality, integrity, or availability of one or more computing resources.

Remember that the CCCS might share information you put in these forms with their public and private partners. This includes details like URLs, IP addresses, device details, and email addresses.

I hope you found this valuable

I send out an e-mail whenever I publish new content. It's free. No spam. Unsubscribe whenever you want.