White House Warns Of Cyberthreats Over Labor Day Weekend
NSC Adviser Anne Neuberger Says Organizations Should Take Precautions
While there is currently a lack of specific cyberthreats, Deputy National Security Adviser Anne Neuberger urges organizations, especially operators of U.S. critical infrastructure, to take additional precautions over the Labor Day weekend, as threat groups have taken advantage of previous holidays to conduct attacks.
Taking the unusual step of briefing reporters on Thursday over cyber concerns, Neuberger repeated the warnings contained in a joint U.S. Cybersecurity and Infrastructure Security Agency and FBI alert issued earlier this week that noted several large-scale and damaging ransomware attacks have happened over previous holiday weekends when security operation centers might be understaffed and employees away on vacation (see: CISA Warns of Holiday Ransomware Attacks).
While the FBI and CISA, along with the White House, are urging organizations to take precautions during the holiday weekend, officials stressed that there is no specific intelligence around an imminent threat to businesses, government agencies or critical infrastructure.
"We have no specific threat information, or information regarding attacks this weekend, but we do have a history … Over holiday weekends attackers have sometimes focused on security operation centers that may be understaffed, or a sense of there were fewer key personnel on duty as they may be on vacation, and indeed a long weekend can sometimes make attackers feel they have extra time to navigate in the network before they were detected," Neuberger, who oversees cyber and emerging technology for the National Security Council, said.
"As a long weekend is coming, we want to raise awareness and this need for awareness is particularly for critical infrastructure owners and operators who offer critical services for Americans," Neuberger noted.
Tom Kellermann, the head of cybersecurity strategy for VMware and a member of the Cyber Investigations Advisory Board for the U.S. Secret Service, called the briefing unusual and says that it's likely the White House might have received some "chatter" about a possible cyber incident and that might tie into the visit this week of the president of Ukraine.
"I assume they have chatter indicating that a systemic destructive cyberattack is imminent," Kellermann says. "I would suspect one of the Russian cyber cartels will launch it as a response to the historic visit of the President of Ukraine to the White House."
Previous Incidents
The last three major ransomware attacks that have targeted mainly U.S. companies and firms have all coincided with a holiday weekend.
On May 7, just before Mother's Day weekend, a Russian-speaking ransomware gang called DarkSide launched an attack against Colonial Pipeline Co., which forced the company to shut down fuel shipments to much of the East Coast for several days afterward.
Later in May, over the Memorial Day weekend, the Brazilian-based meat processor JBS was hit by a REvil, aka Sodinokibi, ransomware attack that affected U.S. and Australian meat production facilities and resulted in a complete production stoppage. The most recent attack took place during the Independence Day holiday, when REvil attacked the managed service provider Kaseya's VSA remote management software platform.
These attacks, specifically the one aimed at Colonial Pipeline Co., were a major topic of discussion between President Joe Biden and Russian President Vladimir Putin when the two met in Geneva in June. U.S. officials believe that the Russian government has turned a blind eye to cybercriminals operating within its border, although Putin has denied the allegations (see: Analysis: The Cyber Impact of Biden/Putin Summit Meeting).
Neuberger noted that the Biden administration continues to engage with Russia over the issue of ransomware.
"That being said, we also need to look at our own activity and the reason for this today is to ensure that we're doing everything we can to lock our digital doors and ensure that our networks and our organizations are as safe as they need to be online," Neuberger said.
When asked about a recent drop in these types of large-scale ransomware attacks, Neuberger said there is no one specific reason for this decrease, and added: "We continue to see successful attacks occurring against vulnerabilities for which there are patches."
Precautions
As for this coming weekend, Neuberger said that attackers are continuing to take advantage of well-known vulnerabilities in software and applications, and she urged organizations to patch for these flaws and install updates to close any potential backdoors into networks (see: 'ProxyToken' Bug Put Microsoft Exchange Email at Risk).
Neuberger also urged key personnel in companies and organizations to update and change passwords and to implement other security features such as multifactor authentication. She also noted that during a White House meeting with technology, insurance and financial leaders last week, some executives said that multifactor authentication "prevented 80% to 90% of cyberattacks."
Finally, Neuberger urged organizations to create backups of their files and data and to keep those segmented from other parts of the network so that systems and applications could be reconfigured following an attack. She also urged organizations to turn to the FBI as a resource.
Neuberger said the federal government would monitor threat intelligence over the Labor Day holiday.
"We pulled together the intelligence community to ensure that we are tracking any and all threats and to ensure that they're highly alert for anything related to that," Neuberger said. "We, of course, are bringing together agencies across the government, including key ones like FBI and CISA, to ensure that they are fully postured and fully prepared to be on staff, and [that they are] noting any early signs of any incident so we could rapidly jump on them and respond to them."