The advanced capabilities of organized hacker groups and cyber threat actors are an increasing global threat to information systems. Rising threat levels place more demands on cybersecurity personnel and network administrators to protect information systems. Protecting network infrastructure is critical to preserving the confidentiality, integrity, and availability of communication and services across an enterprise.
Cyber campaigns—such as NotPetya—are examples of increasingly advanced threat actor activity. NotPetya coincided with a national holiday of the targeted nation. NCCIC recommends organizations remain vigilant and aware of potential malicious cyber activity ahead of upcoming national holidays, including Ukraine’s Constitution Day on June 28, 2018.
NCCIC encourages users and administrators to review Securing Network Infrastructure Devices and the United Kingdom’s National Cyber Security Centre (NCSC) guidance on Internet Edge Device Security and implement the following recommendations:
- Segregate networks and functions.
- Limit unnecessary lateral communications.
- Harden network devices.
- Secure access to infrastructure devices.
- Perform out-of-band network management.
- Validate hardware and software integrity.