As Russian tanks invaded Ukraine last week, military and security experts were expecting conventional warfare attacks – missiles, bombs, shootings – and catastrophic cyber-attacks targeting Ukraine’s critical infrastructure as well as digital networks.
Indeed, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a “shield” warning long before Russia’s invasion of Ukraine on February 23, warning IT departments everywhere to watch for suspicious activity that could disrupt business or government functions. Technology consulting firm Wedbush confirmed the warning and issued a report warning US financial institutions, business data centers and logistics companies to prepare for Russian-led cyberattacks.
Aside from a handful of denial-of-service attacks and malicious data wiper software that erases data, the Kremlin’s formidable hacker army has remained relatively quiet since the invasion. But do not expect Russian restraint to last, said Chris Krebs, a partner at the Krebs Stamos Group and former head of CISA.
As Western economic sanctions intensify and damage the Russian economy, Krebs explained, “you can see retaliation where the Russian government says, ‘Well, you’re hitting our banks, so we’re going to hit your banks.’ It could be different techniques or even different actors, outside of official services,” such as ransomware gangs.
“I think it’s absolutely possible, as sanctions continue to plague the Russian economy, to see ransomware launching in retaliation,” said the former CISA director. @C_C_Krebs. pic.twitter.com/pRkyVLCJp7
– Dan Patterson (@DanPatterson) March 3, 2022
CBS MoneyWatch spoke with Krebs, who said Russian cyberattacks were not limited to Ukraine. “The Internet has closed the gaps between us. So, although Ukraine looks very far away, every company should be vigilant.” The following interview has been modified for the sake of clarity and brevity.
How can Russia target the US with cyber attacks?
Chris Krebs: It is important to start with the fact that there is no specific information, as far as I know, that indicates that any kind of attack is imminent. They base this advice on a historical understanding of Russian Internet activity targeting the West. In Ukraine, they have chased the grid. In 2015 and 2016, the Russians turned off the electricity during the winter.
Russia has also used other techniques, including the use of attacks on the software supply chain. For example, the Russians were able to take advantage of accounting software and penetrate global companies.
There is a lot of talk about “cyberwarfare” right now. How real is this threat?
I think a lot of mythology has been created around a Cyber Pearl Harbor and a Cyber 9/11, trying to cause images of pipeline and building explosions.
At this point in the Russia-Ukraine conflict, cyberspace as a military capability is clearly not close to the mobile world with bombs. Cyber is not killing people right now. I think we need to take a step back, maybe take a deep breath about how serious and important the threat is. There is no doubt that there is danger, there is a threat. But obviously with the ordering of missiles and fighter jets and things like that, cyberspace is nowhere near that level.
But speaking of the wider attack surface – be it your phones, your computers, your servers, your cloud-based software – these are things that a bad person could take advantage of. This could mean stealing sensitive data, including copyright, and could block a ransomware network.
The United States is the world’s leading technology innovator. And as a result, we are at the top of the spear when it comes to connecting devices to the internet. I hear a lot of questions about how vulnerable we are. You know, everyone has some degree of exposure. I think the important question we need to ask is “how resilient are we?” Realistically, it’s all about doing the best you can in terms of prevention and protection, but understand that everyone has bad days.
Importantly, how quickly can you detect, isolate, and respond to security incidents? Can you continue to operate and perform critical functions? It is not to stop every threat.
There are reports from CBS News, the Associated Press and other news agencies that Russia has launched propaganda campaigns on social media. How resilient are US social networks to misinformation?
I recognize some of the efforts of social networking platforms – Facebook, Twitter – that have increased their attendance to detect campaigns and non-authentic behavior. This includes both covertly, that is, trying to look like someone else, as well as openly, where you have state media that publish information that is false. So U.S. social networks have done a great job so far: Facebook last week announced that it had spotted a secret activity where Belarusian-based hackers were trying to breach government officials’ and journalists’ accounts in Ukraine, then seize those accounts and publish fake videos and fake news about Ukrainian soldiers. So this is an example of these techniques being played.
And you have another aspect, where social media platforms are taking action to reduce the viewership of RT and Sputnik, which are two of the well-known state-funded Russian media outlets. Microsoft President Brad Smith announced last week steps that included ranking or deleting government media from Bing search results. These are important steps that technology companies can take.
What lessons should businesses and government agencies learn from this moment of increased internet activity?
Let’s be absolutely clear: We are in uncharted areas. This is not a situation that works. I’m not sure there are many companies that have developed good books on an event of such geopolitical gravity as we’re seeing right now.
You see the consumer names really respond. Formula 1 canceled its Russian track. FIFA has ruled out Russia’s participation in the 2022 World Cup. The same goes for Russia and Eurovision, the popular music show.
As for hard infrastructure, security researchers and what I call ethical hackers are mapping the links of the Russian supply chain. If anyone benefits from the war, they will be called.
Business leaders really need to think hard and hard about whether you have any connectivity, what kind of commitment you have with Russia. I think the real person in charge Company leaders are making a move to support Ukraine now, because history will judge us all, one way or another. You want to be on the right side of the story here.
What does the future hold for cyberbullying?
As Thomas Friedman says, the world is flat. The internet has collapsed the spaces between us. Thus, although Ukraine seems far away, every company should be vigilant. We connect with the citizens of Ukraine on a very personal level. That is why we must be careful not to fall victim to any misinformation that is circulating.
It is not just government agencies and it is not just large companies that are potential targets of bad cybercriminals. I think it is quite possible, as sanctions continue to hit the Russian economy, to see ransomware agents launching in retaliation. There have been some indications that one group in particular said that if you attacked us, Russia, we would respond. We will look for your critical infrastructure.
The challenge here is that actors are not necessarily strategic. They are not necessarily just chasing people with money or organizations with money. They are opportunists. And so, whether one is in New York or one in Omaha, Nebraska, if you are connected to the internet there is a degree of risk.