CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]

CyberWire Daily

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 • 1.1K Ratings

🗓️ 3 March 2023

⏱️ 3 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

The Cybersecurity and Infrastructure Security Agency is releasing this Cybersecurity Advisory detailing activity and key findings from a recent CISA red team assessment—in coordination with the assessed organization—to provide network defenders recommendations for improving their organization's cyber posture. AA23-059A Alert, Technical Details, and Mitigations No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	This is a CISA Cybersecurity Alert.
0:14.0	ID number Alpha, Alpha 23 TAC 059
0:20.0	Alpha. Original release date, February 28, 2023.
0:28.6	In 2022, SISA conducted a Red Team assessment
0:31.9	at the request of a large critical infrastructure
0:34.0	organization with multiple geographically separated sites.
0:38.3	The team gained persistent access to the organization's network, moved laterally across the organization's multiple
0:44.0	geographically separated sites, and eventually gained access to systems adjacent to the
0:48.9	organization's sensitive business systems.
0:51.8	Multifactor authentication prompts
0:54.0	prevented the team from achieving success to one sensitive system,
0:57.0	and the team was unable to complete its viable plan
1:00.0	to compromise a second sensitive system within the assessment period.
1:03.4	Despite having a mature cyber posture, the organization did not detect the Red Team's activity
1:08.4	throughout the assessment, including when the team attempted to trigger a security response.
1:13.0	CISA is releasing this advisory detailing the Red Team's tactics, techniques, and procedures
1:18.4	and key findings to provide network defenders of critical infrastructure organizations proactive steps to reduce the threat of similar activity from malicious actors.
1:27.0	This advisory highlights the importance of collecting and monitoring logs for unusual activity and continuous testing and exercises
1:35.3	regardless of the maturity of your cyber posture.
1:38.8	The advisory documentation listed in the show notes includes additional technical details,
1:43.0	TTPs, and a complete outline of the red team exercise with a mitre attack mapping.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.