Russia Cyber Threats: An Overview and Advisories
Our current and future battles are being fought on different battlefields these days – the virtual battlefield of the internet. This battlefield has a real-world impact on our country’s infrastructure, financial, and communication systems.
The best way to cripple an opposing force’s capabilities is to cause widespread chaos across as many systems as possible via a cyberattack, more so if you have plans of initiating a real-world land invasion. The Department of Homeland Security (DHS) is warning of an imminent cyber threat against U.S. companies and government agencies in light of the fact that Russia is poised to invade Ukraine.
We need to keep in mind that Russian threat actors were responsible for the now-famous SolarWinds breach in 2020, where they gained access to numerous key systems for more than 90 days before the attack was discovered. We need to take this into account and realize that Russian cybercriminals may still be embedded in critical systems in ways we haven’t yet discovered.
The cyberattacks against the U.S. may, however, backfire on Russia, given that any attack a Russian cybercriminal attempts to launch will, in fact, help us discover where our security weaknesses are and take countermeasures. This post will take an in-depth look at Russia’s cyber threat towards the U.S.
Why Would Russia Target the U.S. Before Possibly Invading Ukraine?
Tensions between Russia and Ukraine are currently high, with more Russian troops massing close to the border between the two nations. This has spurred fears that Moscow could soon launch an invasion. The Ukrainian government has warned that Russia is attempting to undermine the nation ahead of the looming military attack. Western powers have on many occasions warned Russia against further aggressive moves against Ukraine.
The Kremlin has rejected claims that there is a plan to attack Ukraine and argues that the support Ukraine receives from NATO – including military training and increased weapons supplies – has resulted in increasing threats to Russia’s western flank. Intelligence agencies monitoring Russia’s cyber activities against Ukraine, however, believe that Russia’s pattern of activity suggests that a ground invasion of Ukraine will be initiated in a matter of weeks.
But why would Russia target the U.S. before launching its attack against Ukraine? The vast majority of Russian cyberattacks to date were carried out for one of two reasons: to steal data or to make money. A Russian state-supported attack in relation to Ukraine would be done for a completely different reason: to disrupt and cripple businesses and government agencies in the U.S. so as to distract the country from helping Ukraine in the short run, and to dissuade the U.S. from taking any steps to actively support Ukraine under the threat of additional attacks in the long run. Russia thinks that enough disruption could create a public backlash against supporting Ukraine.
Even so, Russia understands that launching such a blatant attack would likely result in counterattacks against its own institutions. As such, Russian leaders are treading lightly. Unlike previous attacks, where Russia tried to disclaim any involvement, an attack of the magnitude and type needed to be effective against the U.S. would clearly be attributable to Russia, justifying counterattacks in the eyes of the world.
What Would Be the Motives of Russian Hackers?
When Russian hackers launched a ransomware attack against SolarWinds, researchers from Silicon Valley to Washington raced to understand the full impact of this attack that breached computer networks across the U.S. Some of the researchers said that the magnitude and breadth of the hack pointed to objectives beyond espionage, including undermining the faith of Americans in their systems.
That said, if the looming Russian cyberattack threats against the U.S. were to be launched, would the motive of the Russian hackers be the same as they were in the previous attacks?
Russian hackers are highly motivated by money and patriotism. For the most part, they operate with impunity as long as they target enemies of Russia and refrain from attacking any Russian-based organizations. If the Russian cyber threats were to materialize, the Russian hackers would mostly be motivated by patriotism, especially given that the attacks would have been sanctioned by the Russian government.
Could the Cyberattacks Against the U.S. Backfire?
Russia maintains a wide range of offensive cyber tools that it can employ against U.S. networks, tools that could make everything from hospitals to planes to dams and bridges fail to operate. We have seen how vulnerable American systems are – think of the cybercriminals who disrupted meat-packing and gas pipelines last year. Now picture what would happen if an angry Russia resolves to take things up a notch – transportation, healthcare, agriculture, wastewater treatment, and education could all be targeted.
That said, whether or not the cyberattacks can be successful will depend on the timing and the impact of the attack. A large-scale attack on the U.S. would undoubtedly lead to major retaliatory action by the U.S. government. The Department of Defense could perform a large-scale, crippling attack on Russia. The problem is that Russian capabilities are just as strong. In a cyber-warfare scenario, the U.S. has the most to lose, because it has a much larger technology footprint to protect.
It’s no wonder that the U.S. government has started putting measures in place to protect its infrastructure. For one, a Joint Cybersecurity Advisory, created by the FBI, the National Security Agency, and CISA, was sent out throughout the country on January 11th to prepare local, state, and private sector stakeholders for Russian cyberattack capabilities. The report outlined the commonly observed tactics, techniques, and procedures. It also included detailed instructions on ways potential victims can respond to various cyberattacks and minimize their exposure.
Earlier, in December, Homeland Security sent out a different report titled “Preparing for and Mitigating Potential Cyber Threats.” This report warned various stakeholders about sophisticated threat actors, such as nation-states like Russia, that have proven their capability to compromise U.S. networks and develop long-lasting persistence mechanisms that continue lurking in systems even after the most intensive efforts to root them out.
What Measures Can U.S. Organizations Take to Protect Themselves?
Organizations, both big and small, should establish a comprehensive cybersecurity strategy based on the NIST Cybersecurity Framework. Many organizations don’t have qualified personnel to develop and implement a security strategy, for a variety of reasons. Those organizations should consider partnering with an MSP that specializes in cybersecurity.
Here are other steps you should take to ensure that your organization is doing everything possible to prepare for and recover from a cyberattack:
- Secure your hardware: Ensure that you’re running the latest security patches. Your passwords should also be strong, and you should use multi-factor authentication wherever possible. Encrypt all your Windows 10 devices by turning on BitLocker device encryption. Additionally, enable remote wipe for mobile devices so that, if one is lost or stolen, the data it has access to is safeguarded.
- Encrypt and back up your data: Bar physical access to sensitive data and render it useless should it fall into the wrong hands. Encrypting your data is the best “quick fix” for data breaches: if a breach does occur, the data remains inaccessible to threat actors. Also, back up your data so that in the event of a disaster (usually a cyberattack) you can restore it and avoid data loss, serious downtime, and heavy financial losses.
- Conduct employee awareness training: According to recent surveys, 95% of cyberattacks are the result of human error. This makes your employees the weakest link in the data security chain. One of the most effective ways to protect your organization against cyberattacks is to train your employees in cyberattack prevention and teach them how to recognize current attacks. Among other things, they need to check links before clicking and verify senders’ email addresses to avoid opening emails from unknown individuals.
- Invest in cyber insurance: Consider this to be a business continuity strategy in the event that the cybersecurity measures you take fail. If you become a victim of a ransomware attack, cyber insurance will help you recover by offering you financial support to remediate the issue as soon as possible.
- Invest in cybersecurity solutions that work together, not independently: With the increase in polymorphic attacks, organizations need protection beyond traditional firewalls and endpoint products. They should also cover resources like Microsoft 365 and Azure. Moreover, they need a coordinated defense, driven by A.I. technologies and a SOC, to immediately identify, quarantine, respond to, and shut down incoming attacks.
- Develop a comprehensive security strategy based on the NIST Cybersecurity Framework that accounts for greater adoption of IoT devices, greater use of private and public cloud, BYOD (bring-your-own-device), and the new reality of remote work.
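As an added example (not part of the original post and not Alliance Technology Partners’ tooling), the following PowerShell script gives a read-only posture check for the first bullet above on a single Windows 10 endpoint: BitLocker protection on every volume, how recent the newest installed patch is, and local accounts that require no password. It assumes an elevated PowerShell session on a machine where the BitLocker module is available; the 30-day patch-age threshold is an assumed value you should tune to your own patch cadence.

```powershell
# Added example, not from the original post: read-only hardware/OS posture
# check for a Windows 10 endpoint. Run from an elevated PowerShell session.
$MaxPatchAgeDays = 30   # assumption: adjust to your organization's patch cadence

# 1. BitLocker: every volume should be fully encrypted with protection turned on.
Write-Output "== BitLocker status =="
Get-BitLockerVolume | ForEach-Object {
    $ok = ($_.VolumeStatus -eq 'FullyEncrypted') -and ($_.ProtectionStatus -eq 'On')
    $state = if ($ok) { 'OK  ' } else { 'FAIL' }
    "{0} {1,-4} status={2} protection={3} ({4}% encrypted)" -f $state, $_.MountPoint,
        $_.VolumeStatus, $_.ProtectionStatus, $_.EncryptionPercentage
}

# 2. Patching: report the newest installed hotfix and flag a stale machine.
Write-Output "`n== Patch status =="
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest) {
    "FAIL no hotfix install dates found; check Windows Update history manually"
} else {
    $age = (Get-Date) - $latest.InstalledOn
    $state = if ($age.TotalDays -le $MaxPatchAgeDays) { 'OK  ' } else { 'FAIL' }
    "{0} newest hotfix {1} installed {2:d} ({3} days ago)" -f $state, $latest.HotFixID,
        $latest.InstalledOn, [int]$age.TotalDays
}

# 3. Local accounts: an enabled account that needs no password undermines any
#    password or MFA policy, so list them explicitly.
Write-Output "`n== Local accounts with no password required =="
$weak = Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired }
if ($weak) {
    $weak | ForEach-Object { "FAIL {0} is enabled and requires no password" -f $_.Name }
} else {
    "OK   no enabled local accounts without a password requirement"
}
```

Multi-factor authentication and mobile remote wipe are enforced by your identity provider and device-management platform rather than on the endpoint, so they are not covered by this script; verify them in those consoles. Any `FAIL` line here is a finding to remediate before a hostile campaign forces the issue.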
Bottom Line
The DHS’s warning about Russia is another reminder that the cyber world remains a very real target for enemies during times of conflict. If Russia were to disrupt the U.S. like the Colonial Pipeline attack from last year, this could cause significant disruptions to various companies and organizations both inside and outside the U.S.
Companies and organizations should continue with current cybersecurity best practices. While the Russian cyber threat should cause a heightened sense of alert, the reality is that companies should be living in this model already and not try to play catch up with best practices.
Alliance Technology Partners Can Help Enhance the Security of Your Business
We offer cybersecurity-focused services for businesses that need to combat cyber threats. Keeping you safe is Alliance Technology Partners’ number one concern. Contact us now and let us help protect your business.
Thanks to our friends at GenerationIX in LA for their help with this content.