War sanctions on Ukraine could spur Russian cyberattacks on US, expert warns

As Russian tanks rolled into Ukraine last week, military and security experts anticipated both conventional warfare attacks – missiles, bombs, gunfire – and devastating cyberattacks targeting Ukraine’s critical infrastructure as well as the digital networks of allied countries.

Indeed, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” alert well before Russia’s February 23 invasion of Ukraine, warning IT departments around the world to watch for suspicious activity that could disrupt their business or government operations. Technology consulting firm Wedbush confirmed the alert and issued a report warning U.S. financial institutions, corporate data centers and logistics companies to prepare for Russian-led cyberattacks.

Apart from a handful of denial-of-service attacks and wiper malware that deletes data, the Kremlin’s formidable army of hackers has remained relatively silent since the invasion. But don’t expect Russian restraint to last, said Chris Krebs, Krebs Stamos Group partner and former CISA director.

As Western economic sanctions intensify and damage the Russian economy, Krebs explained, “you can see retaliation where the Russian government is saying, ‘Hey, you’re hitting our banks, so we’re going to hit your banks.’” It could be different techniques or even different actors apart from official agencies, “like ransomware gangs.”

CBS MoneyWatch spoke with Krebs, who said Russian cyberattacks weren’t limited to Ukraine. “The internet has collapsed the spaces between us. So even though Ukraine seems very far away, every business should be on high alert.” The interview below has been edited for clarity and conciseness.

How could Russia target the United States with cyberattacks?

Chris Krebs: It is important to start with the fact that there is no specific intelligence, as far as I know, indicating that any attack is imminent. They base these opinions on a historical understanding of Russian cyber activity targeting the West. In Ukraine, they attacked the electricity grid. In 2015 and 2016, the Russians turned off the electricity grid in the middle of winter.

Russia has also used other techniques, including software supply chain attacks. For example, the Russians were able to exploit accounting software and work their way into global corporations.

There is a lot of talk about “cyber warfare” these days. What is the reality of this threat?

I think there’s been a lot of mythology built around a Cyber Pearl Harbor and Cyber 9/11, trying to conjure up images of pipelines and buildings exploding.

At this point in the Russia-Ukraine conflict, cyber as a military capability is obviously a far cry from the kinetic world with bombs. Cyber is not killing people right now. I think we need to take a step back, maybe take a deep breath about the seriousness and the significance of the threat. There is no doubt that there is a risk, there is a threat. But obviously, on the side of missiles and fighter jets and things like that, cyber is nowhere near that level.

But when it comes to the broader attack surface — whether it’s your phones, your computers, your servers, cloud-based software — these are things a bad guy could exploit. It could mean stealing sensitive data, including intellectual property, and it could mean locking down a network with ransomware.

The United States is a world-leading technology innovator. And as a result, we are at the forefront of technology when it comes to connecting devices to the internet. I hear a lot of questions about our vulnerability. You know, everyone has some degree of exposure. I think the important question we need to ask ourselves is “how resilient are we?” Realistically, it’s about doing your best on the prevention and protection side, but understand that everyone has bad days.

Above all, how quickly can you spot, isolate and respond to security incidents? Can you continue to operate and perform critical functions? It’s not about stopping every threat.

According to CBS News, Associated Press and other news agencies, Russia has launched propaganda campaigns on social media. How resistant are American social networks to misinformation?

I recognize some of the efforts of social media platforms — Facebook, Twitter — that have strengthened their surveillance to identify inauthentic campaigns and behavior. This includes both covert, which means they try to look like someone else, and overt, where you have state media publishing false information. Thus, American social networks have done a great job so far: Facebook announced last week that it had identified covert activity where hackers based in Belarus were trying to compromise government officials’ and journalists’ accounts in Ukraine, then take control of these accounts and post fake videos and fake news of Ukrainian soldiers. Here is an example of these techniques in play.

And you have another aspect, where social media platforms are taking steps to reduce the number of viewers of RT and Sputnik, which are the two most well-known and state-sponsored Russian media outlets. Microsoft President Brad Smith announced measures last week that included downgrading or removing state media from Bing search results. These are important steps tech companies can take.

What lessons should businesses and government agencies learn from this moment of heightened cyber activity?

Let’s be perfectly clear: we are in uncharted territory. This is not a business-as-usual situation. I’m not sure there are many companies that have well-developed playbooks for an event of such geopolitical gravity that we are seeing right now.

You see mainstream brands really reacting. Formula 1 has canceled its Russian circuit. FIFA has suspended Russia’s participation in the World Cup in 2022. Same thing with Russia and Eurovision, the popular music show.

In terms of hardware infrastructure, security researchers and what I call ethical hackers are mapping Russian supply chain connections. If anyone profits from the war, he will be called.

Business leaders should really think long and hard about whether you have connectivity, what kind of engagement you have with Russia. I think the real responsible business leaders rally to support Ukraine now, because history is going to judge us all, one way or another. You want to be on the right side of history here.

What does the future of cyber conflict look like?

As Thomas Friedman said, the world is flat. The internet has reduced the spaces between us. So even though Ukraine seems very remote, every business should be on high alert. We communicate with Ukrainian citizens on a very personal level. And so we have to be careful not to fall prey to some of the misinformation that’s going around.

It’s not just government agencies and it’s not just big corporations that are potential targets for malicious cyber actors. I think it’s entirely possible that as sanctions continue to rain down on the Russian economy, you could see ransomware actors go wild in retaliation. There have been indications that one group in particular has said that if you attack us, Russia, we will react; we will tackle your critical infrastructure.

The challenge here is that the actors are not necessarily strategic. They don’t necessarily only go after people who have money or organizations who have money. They are opportunists. And so whether it’s someone in New York or someone in Omaha, Nebraska, if you’re connected to the Internet, there’s a degree of exposure to risk.
