The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and the FBI have released an advisory saying they have observed more than 400 cyberattacks against U.S. and international organizations using Conti ransomware. 

Malicious actors use Conti to encrypt workstations and servers, steal files and ask for a ransom payment and gain access to networks through spearphishing campaigns, stolen remote desktop protocol credentials, fake software, phone calls and other common vulnerabilities in external assets, CISA said Wednesday.

“We encourage Americans to visit stopransomware.gov to learn how to improve their own cybersecurity to mitigate risk of becoming a victim of ransomware,” said Eric Goldstein, executive assistant director for cybersecurity at CISA.

NSA, CISA and FBI are recommending several measures to mitigate the risk of Conti ransomware attacks, such as using multifactor authentication, implementing network segmentation and filtering traffic, keeping software updated and screening for vulnerabilities and implementing endpoint and detection response tools.

Rob Joyce, director of cybersecurity at NSA and a previous Wash100 awardee, said cybercriminals using Conti have targeted the defense industrial base and critical infrastructure and NSA is calling on organizations to use the mitigations in the advisory to reduce their risk to ransomware attacks.

ExecutiveBiz, sister site of ExecutiveGov, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” forum.

Microsoft has announced a detailed series of actions the company will be taking in response to the recent Biden Administration initiatives for implementing security tools and best practices to bolster national cybersecurity.

In total, Microsoft will be investing $20 billion over the next five years to design and deliver advanced security solutions that will accelerate the nation’s cybersecurity missions.

In a recent Executive Spotlight, four-time Wash100 Award winner Rick Wagner, president of Microsoft Federal, expressed the company’s commitment to advancing the security of the United States.

Wagner noted, “our greatest strength is Microsoft’s 40-year history of supporting the federal government. Microsoft is committed to assisting the federal government and over that 40 years, our support has evolved.”

The Microsoft Corporation reiterated on Thursday that it will immediately provide $150 million of funding through its FastTrack program to help federal, state and local governments modernize their systems, establish Zero Trust controls and upgrade security protection measures.

Additionally, Microsoft will allocate $50 million of the $150 million towards helping federal agencies modernize and transition their vulnerable legacy infrastructures to cloud infrastructures.

Another action Microsoft outlined includes collaborating with the National Institute of Standards and Technology’s initiative to advance supply chain industry framework and enhance security. In response to Biden’s May 12th Executive Order, Microsoft developed the Supply Chain Integrity Model (SCIM) to enable automated verification of supply chain security policies, evidence and artifacts for products including software, hardware and machine learning datasets.

“There is a great deal of interest in creating resilient and secure supply chains and we are actively working to do that,” Wagner stated in an interview with ExecutiveBiz.

To reflect Microsoft’s commitment to the open-source community, the corporation has made SCIM information publicly available through NIST and GitHub.

Microsoft also recently became an Alliance Partner in the Cybersecurity & Infrastructure Security Agency’s (CISA) new Joint Cyber Defense Collaborative aimed at promoting resilience and strengthening cyber defense capabilities.

In order to broaden access to government-specific training, workshops, certifications and reference architectures, Microsoft also launched a free repository of educational resources on cybersecurity.

Microsoft emphasized that these actions will foster close collaboration with industry leaders and government entities and will result in accelerated modernization and increased national security.

On October 14, 2021, the Potomac Officers Club will be hosting their seventh annual 2021 Intel Summit featuring notable federal and industry leaders to discuss the future of technology in intelligence agencies. Check out the event to to learn more about how intelligence officials incorporate cutting-edge technology and techniques to gather intelligence and combat adversaries.

The Information Technology Industry Council (ITI) advises the Office of Management and Budget (OMB) to help agencies identify priorities when implementing a zero-trust architecture (ZTA).

ITI said Tuesday that it made a list of recommendations regarding the OMB's Federal Zero Trust Strategy, which will guide agencies as they migrate to a ZTA.

The council said agencies need guidance to determine how to prioritize ZTA use cases based on assets, high-risk vulnerabilities and known threats. This guidance must consider the incremental nature of ZTA adoption, which is not a wholesale infrastructure replacement.

ITI also said OMB should involve the IT administrators of these agencies in anticipation of future cultural changes. The council advises OMB to refer agency administrators to the future, finalized version of the ZT Starting Guide, which is developed by the National Institute of Standards and Technology (NIST).