New Cyber Advisory from CISA

October 28, 2020

The US Federal Cybersecurity & Infrastructure Security Agency (CISA) released a cyber advisory for critical infrastructure sectors, particularly energy and aviation, warning that the IRON LIBERTY threat group poses a significant threat.

The advisory emphasizes that the threat can be mitigated through best practice hygiene measures focusing on the following:

  1. Patching of internet-facing systems
  2. Multi-factor authentication
  3. Credential resets where user accounts are believed to have been compromised

IRON LIBERTY is a threat group that uses both shared and custom hacker tools. Security analysts suggest it is connected to the Russian government and supports the Russian energy industry. Its compromises allow persistent, full exploitation of systems, letting IRON LIBERTY compromise security, programming, and data at will, including by co-opting the software of Industrial Control Systems (ICS). Once inside, the group can steal information and remove evidence of the compromise.

IRON LIBERTY timeline (Source: Secureworks)

IRON LIBERTY poses a significant threat to organizations in critical infrastructure sectors, particularly energy and aviation. However, the techniques described in the CISA advisory can be mitigated through best practice hygiene measures.

How risk managers can prepare for cyber attacks

While a cyber-attack can have a consequential impact on your organization, three of the biggest impacts are:

  1. Computer and operational systems downtime with revenue loss
  2. Theft of corporate and personal information
  3. Possible physical damage

To protect their companies, risk managers should know whether their cyber insurance policies cover both first- and third-party cyber risks to the broadest extent that can be negotiated in the market, with a particular focus on direct cyber risk damage. They should also know whether their property program covers cyber-caused property damage. Once this is understood, they should consider whether any gaps in coverage need to be addressed or additional limits added to the program.

Additional timeline updates:

2019: IRON LIBERTY used strategic web compromises against Ukrainian sport, media, energy, and telecommunication websites for NTLM hash-stealing operations.

2020: IRON LIBERTY began targeting U.S. aviation organizations, operating on behalf of Russia.
