Interesting information reference Russian cyberattacks
Feb 24, 2022 11:34:04 #
From General Dynamics:
Dear Valued Supplier:
As we continue to monitor the Russia and Ukraine conflict, the CyberSecurity & Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and the Federal Bureau of Information (FBI) are warning of the regular targeting of United States cleared defense contractors and the overall Defense Industrial Base (DIB).
CISA encourages all Critical infrastructure organizations to review the joint CSA: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology and apply the necessary mitigations.
Given the elevated risk of cyber threats, General Dynamics Mission Systems (GDMS) would like to provide several additional resources published by CISA for your awareness:
StopRansomware.gov
CISA Current Activity Alerts and Tips
Understanding and Mitigating Russian State-Sponsored Cyber Threats
CISA Compiles Free Cybersecurity Services and Tools for Network Defenders
As a reminder, in the unfortunate event that your organization suffers a compromise of company information systems, you may be required in accordance with your GDMS Purchase Order or Subcontract to report this incident within 72 hours of discovery to:
GDMS Supply Chain Management point of contact, and
GDMS SOC hotline at (210) 638-7050, and
Directly to DoD at https://dibnet.dod.mil
You need to provide the incident report number, automatically assigned by DoD, to GDMS as soon as practical.
Thank you for your attention to this important matter.
Regards,
Supply Chain Compliance and Operations
Supply Chain Management
General Dynamics Mission Systems
(Just a reminder to not click on links that are emailed to you and never enter your account info or password after clicking on any link even if it is from someone you know.)
Dear Valued Supplier:
As we continue to monitor the Russia and Ukraine conflict, the CyberSecurity & Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and the Federal Bureau of Information (FBI) are warning of the regular targeting of United States cleared defense contractors and the overall Defense Industrial Base (DIB).
CISA encourages all Critical infrastructure organizations to review the joint CSA: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology and apply the necessary mitigations.
Given the elevated risk of cyber threats, General Dynamics Mission Systems (GDMS) would like to provide several additional resources published by CISA for your awareness:
StopRansomware.gov
CISA Current Activity Alerts and Tips
Understanding and Mitigating Russian State-Sponsored Cyber Threats
CISA Compiles Free Cybersecurity Services and Tools for Network Defenders
As a reminder, in the unfortunate event that your organization suffers a compromise of company information systems, you may be required in accordance with your GDMS Purchase Order or Subcontract to report this incident within 72 hours of discovery to:
GDMS Supply Chain Management point of contact, and
GDMS SOC hotline at (210) 638-7050, and
Directly to DoD at https://dibnet.dod.mil
You need to provide the incident report number, automatically assigned by DoD, to GDMS as soon as practical.
Thank you for your attention to this important matter.
Regards,
Supply Chain Compliance and Operations
Supply Chain Management
General Dynamics Mission Systems
(Just a reminder to not click on links that are emailed to you and never enter your account info or password after clicking on any link even if it is from someone you know.)
Feb 24, 2022 12:03:28 #
Feb 24, 2022 12:18:29 #
stanikon wrote:
FBI = Federal Bureau of Investigation
Good catch Stan, the error plus provided link(s) and request for control number makes me wonder if this was an attack?
Feb 24, 2022 12:29:46 #
clickety wrote:
Good catch Stan, the error plus provided link(s) and request for control number makes me wonder if this was an attack?
Could very well be. One prominent clue that links are not what they purport to be is grammatical and linguistic errors.
Feb 24, 2022 12:31:26 #
I saw it to, but I can confirm this came from General Dynamics (the company I consult for is a supplier to GD) and that the phone number listed is legit. The link as printed is legit (that’s the correct address for the agency listed), but I haven’t opened it to see if the actual path is correct. No worries if you don’t open the link and this is just a copy of the text, so I don’t think there’s a danger reading it here, but interesting none the less. Good catch. Our IT manager will contact GD directly to inquire, and I’ll report back.
Feb 24, 2022 12:40:44 #
TriX wrote:
I saw it to, but I can confirm this came from General Dynamics (the company I consult for is a supplier to GD) and that the phone number listed is legit. The link as printed is legit, but I haven’t opened it to see if the actual path is correct. No worries if you don’t open the link and this is just a copy of the text, so I don’t think there’s a danger reading it here, but interesting none the less. Good catch.
Could be legit. Not everyone who works there is a rocket scientist.
Feb 24, 2022 18:30:54 #
alx
Loc: NJ
As a side note:
IF you receive your pay via Direct Deposit from your employer, BE SURE YOUR EMPLOYER HAS AN UP TO DATE MAILING ADDRESS FOR YOU!
If the banking system comes under cyberattack, your direct deposit may be affected. If your mail address is not current, your check, if it comes to that, may get lost in never-never land, especially with today's Postal Service.
Having worked in payroll on a national basis for decades, and having once had our bank disrupted by a DOS attack that lasted a week, I can tell you this can be a serious problem. If your employer can't get your money to you, you are the one who will suffer. Even if your employer INSISTS on direct deposit, make sure they have your current, working address! It might just come down to that.
IF you receive your pay via Direct Deposit from your employer, BE SURE YOUR EMPLOYER HAS AN UP TO DATE MAILING ADDRESS FOR YOU!
If the banking system comes under cyberattack, your direct deposit may be affected. If your mail address is not current, your check, if it comes to that, may get lost in never-never land, especially with today's Postal Service.
Having worked in payroll on a national basis for decades, and having once had our bank disrupted by a DOS attack that lasted a week, I can tell you this can be a serious problem. If your employer can't get your money to you, you are the one who will suffer. Even if your employer INSISTS on direct deposit, make sure they have your current, working address! It might just come down to that.
If you want to reply, then register here. Registration is free and your account is created instantly, so you can post right away.