The Federal Communications Commission is encouraging communications companies to read a federal security advisory about cyber threats from Russia, and act on it.
“The commission urges all communications companies to take the recommended actions to protect their networks from cyber threats, to detect and notify CISA of cyber threats impacting communications services and infrastructure, and to share threat information with CISA and other industry stakeholders, as appropriate,” it said in an announcement.
CISA is the Cybersecurity and Infrastructure Security Agency.
On Jan. 11, CISA, the FBI and the National Security Agency issued a joint cybersecurity advisory called “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.”
The document states, “Historically, Russian state-sponsored advanced persistent threat actors have used common but effective tactics — including spearphishing, brute force and exploiting known vulnerabilities against accounts and networks with weak security — to gain initial access to target networks.” The advisory listed vulnerabilities known to be exploited by Russian state-sponsored actors, and goes into details that your head of IT will appreciate.
According to the advisory, critical infrastructure organizations in particular should take certain immediate steps including patching all systems, prioritizing known exploited vulnerabilities; implement multi-factor authentication; use antivirus software; and develop internal contact lists and support.
If you think you aren’t “critical infrastructure,” remember the role of broadcasters in local and national alerting and in disseminating information about national events. Media companies are juicy targets for the black hat crowd in general, as numerous experts have told Radio World over the years.