News Insights: UK’s National Cyber Security Centre has joined US calls to be wary of Russian state interference in critical infrastructure

The UK’s National Cyber Security Centre has joined US calls to be wary of Russian state interference in critical infrastructure IT systems including telecoms networks, energy and utility suppliers, transport operations and logistics and distribution specialists. This comes shortly after a joint advisory published by CISA and the FBI urged CNI operators to “adopt a heightened state of awareness and to conduct proactive threat hunting”. 

News Insights:

Sanjay Raja, VP of Product Marketing and Solutions, Gurucul: “The NCSC and CISA are absolutely missing the mark. Preventive measures are certainly an important layer of defense, but antivirus is fairly useless against most advanced attacks. Vulnerabilities are no longer the primary entry point (aka initial compromise) for most attacks. While a vulnerability is often exploited as a step in an overall attack campaign, the primary mechanism being more actively used by many adversarial nation states is a combination of phishing and social engineering. This means that initial compromise is dependent on human behaviors and impossible to prevent 100% of the time. All it takes is one successful compromise to circumvent most preventive controls and certainly antivirus, especially as variations in attack strategies are implemented to circumvent signatures, pattern matching and rule-based machine-learning detection analytics. What is required is a stronger detection program that also monitors for and identifies risky access controls, entitlements and user behaviors and associated abnormal or deviant activity. This includes potential threats from the inside, not just outside threats. More advanced and adaptable technologies that use machine learning and artificial intelligence to compensate for threat actor activity and human behavior have proven to be more effective at stopping successful attacks.”