Name that Domain: FBI/DHS “Grizzly Steppe” Report Delivers Mitigation Strategies

Name that Domain: FBI/DHS “Grizzly Steppe” Report Delivers Mitigation Strategies 864 486 CyberVista now N2K

This post is part of a series in which we pull security stories right from the headlines and discuss their relevance to the eight domains of the CISSP® exam.

Read our previous posts in this series:
Name That Domain: Backdoors
Name That Domain: Ransomware
Name That Domain: Data Breaches

Name That Domain: FBI/DHS “Grizzly Steppe” Report Delivers Mitigation Strategies

Report Sheds Light on Cyberattacks

On December 29, 2016, the FBI and DHS published a much-anticipated Joint Analysis Report (JAR) on the Russian election hacking scandal. The 13-page document provided new technical details on the “tools and infrastructure” used by the Russian Civilian and Military Intelligence Services (RIS) to infiltrate the U.S. electoral process and compromise its integrity.
The offensive cyber operation, known as Grizzly Steppe, began in the summer of 2015 and was carried out by two separate RIS actors: Advanced Persistent Threat (APT) 28 and APT29. In addition to the election-related hacking of the Democratic National Committee (DNC), the report also indicts the RIS in “targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information.”
The method used to infiltrate the DNC was remarkably simple and completely avoidable. According to the report, APT29 first launched its spearphishing campaign on 1000 federal government employees during the summer of 2015. At least one targeted individual opened the phishing email, clicked the malicious link, and unknowingly activated malware on the DNC’s computer system. The malware was first used for reconnaissance, passively gathering and recording the employee’s credentials. However, it was not long before the RIS was able to use the stolen credentials to steal sensitive content from the DNC servers. Specifically, the so-called “Podesta Emails” (belonging to John Podesta, Hillary Clinton’s campaign chairman) were passed to WikiLeaks and publicly disclosed prior to the U.S. election on November 9, 2016.
In addition to providing a summary of the attack, the report also suggests recommended mitigation steps.

Domain 1: Security and Risk Management

The first domain of the CISSP exam provides a high-level overview of information security management. In addition to teaching foundational concepts, cybersecurity leaders can expect to find information about risk management, security awareness, and the unique threats and vulnerabilities associated with an organization’s information assets.
The FBI/DHS report highlights the same considerations, providing tips on how to “Enhance your organization’s cybersecurity posture.” The first recommended mitigation strategy calls for a commitment to cybersecurity best practices that starts at the top. The report suggests specific cybersecurity-related questions for organization leaders to ask themselves – from understanding the intricacies of information backups and incident response to prioritizing employee training and awareness.
The report states, “A commitment to good cybersecurity and best practices is critical to protecting networks and systems.”
All future CISSPs know that a successful cybersecurity strategy begins with support from upper management. A cyber-aware culture starts at the top and, according to the Official (ISC)2 Guide to the CISSP Common Body of Knowledge, cybersecurity should be represented at the highest echelon of the organizational hierarchy.
While studying for the CISSP exam, you will become acquainted with all kinds of solutions to security challenges. While technical knowledge is certainly part of the exam, knowing the inner workings of the latest and greatest gadgets isn’t enough to earn you a passing score. A key element of the CISSP exam – and Domain 1 in particular – involves thinking like a cybersecurity manager, not just a practitioner. This not only means you must consider financial constraints, but also understand that security is ultimately a “people problem.”

The Cybersecurity Experts Agree

Details about the Russian hacking scandal continue to appear in government reports and newspaper headlines. In response to the incident, all seventeen U.S. intelligence agencies have weighed in, Congressional investigations have been called for, and world leaders have issued tense statements. Although the proper course of action is currently obstructed by partisan posturing and political rhetoric, the cybersecurity experts are in agreement: to prevent cyberattacks, organizations must adopt cybersecurity best practices.