
Thursday, 17 February 2022

FBI and DHS warn US Organizations of Potential Russian Cyberattacks Linked to a Potential Invasion of Ukraine

 

Summary

Multiple agencies have issued warnings regarding the potential conflict between Ukraine and Russia, particularly with regard to a potential cyber threat. Recently, CISA issued a warning of the “potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine” and included more than a dozen actions companies should take to protect their networks against hacking.

 

In addition, the FBI and DHS have warned those charged with overseeing critical U.S. infrastructure to be prepared for potential Russian cyberattacks in conjunction with a possible invasion of Ukraine.

 

These agencies have been working alongside US critical infrastructure organizations to raise awareness about potential threats.

 

Cyber actions in conflicts between nations are often used as distractors, as force multipliers, or in conjunction with intended physical effects.

 

US officials also recently warned NATO and Baltic countries of possible cyberattacks emanating from Russia as tensions mount over Ukraine. Germany and the Netherlands are both NATO countries.

 

While there are not currently any specific credible threats, organizations in the US and allied countries should maintain a heightened awareness, particularly those in the industries mentioned above.

Analysis

Potential Impact

 

Russian actors employ many attack vectors, from ransomware to leveraging unpatched vulnerabilities to phishing campaigns. While these attacks and campaigns are likely very targeted, successful attacks related to the conflict with Ukraine could have global implications – affecting organizations and processes from supply chains to critical infrastructure.

Organizations should be hyper-aware of spear-phishing campaigns, particularly with subjects involving this conflict.

 

In international conflicts, there has historically been no ‘red line’ drawn for nations engaging in cyber activities affecting public or private organizations, critical infrastructure, financial organizations, etc., potentially enabling actors on both sides to push cyber boundaries.

 

Given historical targeting and the current geopolitical situation, NATO-member countries, along with organizations that are either part of the supply chain or directly related to those supporting critical infrastructure, are advised to continue best practices from both cyber security and physical security perspectives.

 

Due to the sophisticated nature of state-sponsored attackers, successful entry into a targeted network could be devastating to victim organizations. Persistent access could go undetected for extended periods of time, allowing attackers to move laterally through the network, harvest credentials for further access, and exfiltrate sensitive personal or proprietary information that can be further exploited, either for financial gain or for espionage purposes. Such intrusions could also have significant geopolitical ramifications, including consequences for local or global economies and supply chains.

 


 

Recommendations

CISA and FBI have provided mitigation strategies and recommendations in various alerts for varying attack vectors.

 

CISA recommends that all organizations, regardless of size, adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Users are encouraged to read the most recent mitigations and recommendations at the Shields Up website.

 

Clients are advised to follow best security practices, including maintaining up-to-date software and anti-virus updates, as well as continuing user training to detect and avoid clicking on links in spear-phishing emails.

References

https://www.cisa.gov/shields-up
