The National Security Agency and partners from the U.S., Canada, Australia, the U.K. and New Zealand have released a joint cybersecurity advisory outlining the tactics, techniques and procedures used by Russian foreign intelligence service, or SVR, cyber actors to infiltrate cloud-hosted networks.

The advisory focuses on how the Russian SVR cyber actors, also known as APT29, Midnight Blizzard, the Dukes or Cozy Bear, target an organization’s cloud environment by logging into inactive accounts and automated system accounts using techniques such as password spraying.

“We, along with our valued partners in the U.K., have seen the potential for Russian state actors to infiltrate cloud environments and we’re responding accordingly. As the world modernizes their systems, we need to do all we can to reduce the attack surface for cyber actors to penetrate,” said Rob Joyce, NSA’s director of cybersecurity and a two-time Wash100 awardee.

According to the advisory, SVR threat actors have previously targeted governmental, think tank, healthcare and energy sectors and are expanding their campaigns to include aviation, law enforcement, education, defense and local and state governments.

To mitigate the threats, the advisory recommends that network defenders and organizations enforce cybersecurity measures, including system account management, conditional access policies, device enrollment, strong passwords, multifactor authentication and system updates.

The Potomac Officers Club will host the 2024 Cyber Summit on June 6 to discuss the ever-evolving role of cyber across the government sector. Click here to register!

The Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security plans to launch a competition for a requirement to provide critical infrastructure risk analysis and planning services in support of the National Risk Management Center’s mission.

CISA intends to award the requirement through the OASIS contract vehicle, which stands for One Acquisition Solution for Integrated Services, according to a notice published Monday in the Acquisition Planning Forecast System.

Contract work includes conducting data analytics; performing risk analysis; aligning requirements, capabilities and data available to the National Risk Management Center to understand and mitigate risks to critical infrastructure; reviewing and analyzing systems and assets to identify risks for cascading impacts; and supporting potential work surges to back changing priorities.

CISA anticipates the release of a solicitation for the new requirement by April 9.

The planned requirement has an estimated value of between $20 million and $50 million and is expected to be awarded by the third quarter of fiscal year 2024.

Work will be performed in Arlington, Virginia, with an expected completion date of Sept. 26, 2025, according to APFS.

Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.

The White House Office of the National Cyber Director is urging technical and research sectors to do their part in implementing secure-by-design and memory-safe principles in software development.

In a report released Monday, ONCD analyzed common vulnerabilities and exposures and found that the most common cause of software bugs since the 1980s are memory safety vulnerabilities.

Software and hardware creators have the ability to proactively prevent these flaws by designing memory-safe programming languages, according to the report. Its recommendations are based in part on request for information responses from the private sector and academic community.

ONCD also called on the research community to develop diagnostic approaches for software measurability and memory safety.

“This report was created for engineers by engineers because we know they can make the architecture and design decisions about the building blocks they consume – and this will have a tremendous effect on our ability to reduce the threat surface, protect the digital ecosystem and ultimately, the Nation,” said Anjana Rajan, assistant national cyber director for technology security.

The National Institute of Standards and Technology’s cybersecurity center has issued two special publications to help identify, detect and respond to data breaches.

The documents released Friday by the National Cybersecurity Center of Excellence also guides organizations on how to protect their assets and recover from such attacks.

The two publications explain data security based on the triad of confidentiality, integrity and availability. They also adopted principles based on NIST Cybersecurity Framework 1.1.

SP 1800-28 includes a detailed discussion of multifactor authentication solutions to prevent phishing attacks on enterprise systems. It contains a flow diagram on MFA using virtual desktop interface software as well as protected network sharing of sensitive information.

SP 1800-29 suggests procedures to resolve incidents of ransomware, accidental email and laptop loss, misuse of access privileges and electronic eavesdropping. NCCoE shares how to monitor privacy using logging and network detection platforms.

Both documents are directed at chief information security officers, chief technology officers and similar business decision-makers, as well as IT professionals and program managers designated for technology, security and privacy.