The Russian Govt. is exploring “options for potential cyber-attacks” on critical infrastructure in the US, the White House warned on Mon., in retaliation for sanctions & other punishments as the war in Ukraine rolls on.
“Evolving intelligence” now shows Russia ramping up for cyber-war in response to Ukraine-related sanctions, the White House commented — but researchers warn that many orgs are still not prepared.
Evolving Intelligence
Officials observed that its latest intelligence shows cyber-related “preparatory activity” on the part of President Vladimir Putin’s Govt., though White House Deputy National Security Adviser for Cyber & Emerging Technology, Anne Neuberger, emphasised that no solid threat has been identified.
“To be clear, there is no certainty there will be a cyber-incident on critical infrastructure,” she told reporters during a briefing. She added, “There is no evidence of any specific cyber-attack that we are anticipating.
Classified Context
There is some preparatory activity that we are seeing & that is what we shared in a classified context with companies who we thought might be affected.”
That observed prep work includes vulnerability scanning & website probing, she added, declining to add any specifics. She noted that officials were holding more detailed classified briefings with organisations they believe could be targeted.
“The current conflict has put cyber-security initiatives in hyperdrive, & today, industry leaders aren’t just concerned about adversaries breaching critical infrastructure but losing access & control to them,” Saket Modi, co-founder & CEO at Safe Security, outlined.
Presidential Statement
In addition to the briefing, the White House released a cyber-preparedness fact sheet, & US President Joe Biden issued the following statement:
“I have previously warned about the potential that Russia could conduct malicious cyber activity against the US, including as a response to the unprecedented economic costs we have imposed on Russia alongside our allies & partners. It is part of Russia’s playbook.
Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Govt. is exploring options for potential cyber-attacks.”
Fact Sheet
The fact sheet contains basic advice for hardening cyber-defences, including employee awareness education; implementing multifactor authentication; keeping patching up-to-date; ensuring backups for data; turning on encryption; red-team exercises; & updating security tools.
“This is a call to action and a call to responsibility for all of us,” Neuberger said, again citing a “potential shift in intention” by Russia.
Not Prepared
Jason Rebholz, CISO at Corvus Insurance, noted that basic cyber-hardening should have begun long ago.
“The White House’s best practices echo security fundamentals – something every organisation should strive for,” he suggested. “For many organisations, the time to implement was several years ago, as the frequency & severity of attacks began to escalate.
Like planting a tree, the best time to secure your organisation was 10 years ago. The next best time is today. Organisations that have not addressed the key items & hardened their cyber-defences are at a significantly greater risk of compromise.”
Challenges
Beyond the basics, there are other challenges in being prepared for an onslaught from Russia’s considerable cyber-arsenal, Modi stated.
“While govts. & businesses have started pivoting towards proactive cyber-security, it is difficult to do so without addressing the 3 major challenges in cyber-security that organisations face,” he explained.
“There are too many cyber-security products that do not communicate with each other, & this siloed approach leads to managing cyber-security reactively. Finally, despite increased attention on the need for a better disclosure mechanism of cyber-attacks, cyber-security communication continues to be a challenge since it often lacks a business context.”
Zero-Day Exploits
Meanwhile, Danny Lopez, CEO at Glasswall, pointed out that the real risk involves zero-day exploits & other unknown threats.
“Putin is playing a long game. War is costly both in terms of human & economic terms. If we see a de-escalation of the situation on the ground, we are likely to see an escalation of cyber warfare,” he explained.
“There are no patches for unknown zero-day & they wreak havoc within hours, whilst the security services & technology industry tries to catch up. These are extremely dangerous to govts. as well as businesses.”
Imminent
The bottom line is that organisations should assume that attacks are imminent, researchers concluded.
“It is a confusing time that involves 2 nations that have historically possessed & demonstrated very good skills in the cyber-security & cybercrime areas,” noted Purandar Das, Co-Founder & CEO at Sotero.
“Countries under duress have & will use cyber-attacks as a way to retaliate & to get around sanctions. The US being the face of such sanctions & a history of poorly protected infrastructure make it a tempting target. Add all this together & the warnings make a lot of sense.”
