CISA cyber security alerts jump over 600% in 2020

What is CISA?

The Cybersecurity and Infrastructure Security Agency (CISA) is the United States’ risk advisor. CISA’s mission is to build the United States’ capacity to defend against cyber attacks. CISA works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard networks that support the essential operations of partnering government agencies.

What is the NCAS?

The National Cyber Awareness System (NCAS) provides alerts and time-sensitive information about current cyber security issues, vulnerabilities, and exploits. NCAS provides a bulletin with the most frequent, high-impact types of security incidents currently being reported to US-CERT. NCAS provides weekly summaries of new vulnerabilities along with summary patch information. NCAS also provides detailed technical analysis of new or evolving cyber threats in the wild.

CISA Cyber Alert Activity for 2020

In an alarming spike, CISA alerts jumped by 660%, from 5 in 2019 to 38 in 2020. Here’s a summary of the issues that impacted the cyber security landscape in 2020.

Alerts about Advanced Persistent Threats

  • APT Actors targeting U.S. think tanks
  • APT actors chaining vulnerabilities against SLTT, critical infrastructure, and elections organizations
  • APT Compromise of government agencies, critical infrastructure, and private sector organizations
  • APT Groups targeting healthcare and essential services
  • Iranian APT Actor identified obtaining voter registration data
  • Iranian APT Actors threatening election-related systems
  • Russian state-sponsored APT actor compromising U.S. Government targets
  • Guidance on North Korean APT Kimsuky

Threats from nation and nation-affiliated actors

  • Iran-Based threat actor exploiting VPN vulnerabilities
  • Chinese Ministry of State affiliated cyber threat actor activity
  • North Korea’s BeagleBoyz targeting banks
  • Guidance on the cyber threat from North Korea
  • Potential for China cyber response to heightened tensions with the US
  • Potential for an Iranian cyber response to U.S. Military strike in Baghdad

Alerts about patching critical vulnerabilities

  • Critical vulnerability discovered in SAP NetWeaver AS Java
  • Legacy risk from malware targeting QNAP NAS devices
  • Exploitation of the Pulse Secure VPN vulnerability
  • Continued exploitation of the Pulse Secure VPN after patching
  • Threat actor exploitation of the F5 BIG-IP CVE-2020-5902 vulnerability
  • Critical vulnerabilities discovered in Microsoft Windows operating systems
  • Critical vulnerability discovered in the Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP
  • Exploitation of the Pulse Secure VPN vulnerability
  • Detecting the Citrix CVE-2019-19781 vulnerability

Alerts about active cyber threats

  • Cyber actors targeting K-12 distance learning education to create disruption and steal data
  • Defending against malicious cyber activity originating from the Tor network
  • LokiBot Malware
  • Malicious cyber actor using network tunneling and spoofing to obfuscate geolocation
  • Phishing emails used to deploy KONNI malware
  • Ransomware impacting critical infrastructure pipeline operations
  • Emotet malware

Guidance about defending against cyber threats

  • Remediating enterprise VPN security vulnerabilities
  • Top 10 most routinely exploited vulnerabilities
  • Uncovering and remediating malicious activity
  • Information about EINSTEIN Data Trends
  • Immediate actions to reduce exposure across operational technologies and control systems

COVID-19 related cyber threats

  • COVID-19 being exploited by malicious cyber actors
  • Malicious cyber actor COVID-19 Loan relief webpage phishing
  • Recommendations on improving Microsoft Office 365 security

Monitoring for Cyber Threat Activity in 2021

Due to the COVID-19 pandemic, we experienced major digital transformation, global uncertainty, and a massive strain on resources. Malicious cyber actors took note and escalated their nefarious acts. In the midst of all this, we experienced a major supply-chain attack. One thing is very clear: quality intelligence and information need to be rapidly shared and delivered to organizations so they can detect and defend against advanced cyber threats. While the rise in alerts from CISA may be alarming, it’s also very positive. This level of information shared with the public and industry enables everyone to defend against threats more quickly and reduce their impact. If you would like to add CISA alerts to DigitalStakeout, contact us, and we’ll show how you can monitor all your favorite alert sources to help you stay informed and defend against the cyber threats that we’ll face in 2021.