Russian state-sponsored and criminal cyber threats to critical infrastructure could impact organisations within and beyond Ukraine. Some cybercrime groups have recently publicly pledged support for the Russian government and have threatened to conduct cyber operations in retaliation for perceived cyber offensives against Russia or against countries or organisations providing material support to Ukraine, according to the authorities in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI and NSA; and in Canada, New Zealand, and Australia, and the UK.
The authorities recommend as priorities the patching of known exploited IT vulnerabilities; that businesses enforce multi-factor authentication (that is, more than a sole computer password); that firms monitor remote desktop protocol (RDP); and provide end-user awareness and training to staff.
Among comments from the authorities, the UK official National Cyber Security Centre (NCSC) CEO Lindy Cameron said that in this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures.
She said: “It is vital that all organisations accelerate plans to raise their overall cyber resilience, particularly those defending our most critical assets. The NCSC continues to collaborate with our international and law enforcement partners to provide organisations with timely actionable advice to give them the best chance of preventing cyber-attacks, wherever they come from.”
Separately, the UK body that serves higher education with cyber and other services, Jisc, has brought out its latest cyber impact report.
Comments
Vito Rallo, Associate Managing Director at the international risk consultancy Kroll for Cyber Risk, said that 2021 was a record year for vulnerabilities and exploits available in the wild, and Kroll is seeing double-digit growth in attacks targeting the manufacturing industry, potentially implying that supply chains are under attack. “This poses a major issue for those running critical infrastructure, and threatens to disrupt all of us who rely on it. The overwhelming challenge for Operational Technology (OT) systems is that they are very difficult – if not impossible – to patch. Either the patches are simply unavailable or the risks of applying them are high, due systems being obsolete or out of support.
“To avoid these vulnerabilities being utilised by attackers when most geopolitically impactful, there are a number of ways organisations can increase their cyber resilience to attack. For example, network segmentation can help. The exposure of assets and systems, even if unpatched, needs to be reduced so that vulnerable systems are difficult to reach and exploit. Performing compromise assessments and threat hunting with specialised knowledge for OT is vital. This is often the only way an already compromised system can be identified and the risk mitigated. Without this, exploits can be available to attackers ‘in the dark’ before they are made public and properly protected against.”
Russia is very good at attacking critical infrastructure, said Zac Warren, Senior Director of Cybersecurity Advisory – EMEA, Tanium. “For example, they can shut down entire power grids, and we’ve already seen that in the Ukraine conflict on multiple occasions. The Western alliances need to take this threat very seriously. As sanctions become heavier and heavier on Russia, they will be looking for ways to retaliate, and further attacks on critical Western infrastructure are a strong possibility. It’s likely that Russia is already poking around in the critical infrastructure of the USA, UK, and the EU – looking for vulnerabilities such as unpatched systems to manipulate and take advantage of.
“It’s particularly important that Western alliance countries develop better security around this critical infrastructure. To achieve this, there needs to be partnerships between government agencies and the private sector. There are several reasons for this, but one is that many governments want to regulate cybersecurity without having the technical capabilities to do it. Technical skills are more common within the private sector, and governments need to tap into these skills to help improve their security posture.”
And Sam Curry, chief security officer at cyber firm Cybereason, said: “The Five Eyes advisory is a show of solidarity, and it says very clearly that these five countries’ resources are in alignment. It also says that information might come from any number of networks, and all of these countries are highly competent at cyber offence and defence. Finally, it says that this is no one state’s propaganda.
“It is, in effect, attested to by allied but mutually exclusive defence and government structures. Overall, the advisory will have a positive effect, as anything that gets uptick and coverage increases the likelihood that people who need to know, will know. It also means that more countries, and more of the private sector than just one country, will get the alert. And in reality you can’t sound the alarms too many times, because the majority of critical infrastructure has public safety implications but remains private sector owned and operated.”
In the US, the public is asked to report any suspicious cyber activity to www.ic3.gov.
