Russian cyberattacks are ramping up

There’s new warnings from US officials about possible Russian cyber-naughtiness. It seems Russian cyberattacks are ramping up. This is, of course, as a result of the Russian attack on Ukraine.

The warning came from an an interview on “60 Minutes,” with Deputy Attorney General Lisa Monaco and Cybersecurity and Infrastructure Security Agency Director Jen Easterly. They discussed the threats they’re seeing and the various ways their respective agencies are preparing for potential Russian cyberattacks.

Monaco said, ““We are seeing Russian state actors scanning, probing, looking for opportunities, looking for weaknesses in our systems on critical infrastructure, on businesses.”

“Think of it as a burglar going around trying to jiggle the lock in your house door to see if it’s open, and we’re seeing that,” according to Monaco.

The warnings are the latest from government officials urging companies in critical industries to upgrade their security systems against cyberattacks. Last month, All this follows similar warning last month from the White House following new intelligence suggesting that Russia is exploring “options for potential cyberattacks” against critical infrastructure.

Has anything happened yet?

Easterly says the Russians are particularly keen on targeting the energy and finance sectors, especially following the crippling economic sanctions imposed by the U.S. and its allies.

As recently as last week, Ukraine said it successfully thwarted a cyberattack launched by Russian-backed hackers. Allegedly it was intended to damage the country’s power grid. According to Ukrainian officials, a hacking group tied to Russia’s military intelligence agency was behind the attack.

And in March, the Dept. of Justice charged four Russian nationals accused of having hacked energy sectors in 135 countries. This includes a foreign oil facility, and caused two separate emergency shutdowns. Defendants were accused of installing malware in computer systems of several energy sectors, including nuclear power plants, oil and gas firms, and power transmission companies.

“This… is very much the type of activity that we are warning about today when it comes to Russia’s response, to the world’s response to the horror in Ukraine,” Monaco said, referring to the recent indictment of the alleged Russian hackers.

What’s this got to do with me?

You may not be a large utility or critical infrastructure concern. But it’s worth noting that there has been unintentional spillover from these attacks:

“Even cyberattacks that are aimed at Ukraine could end up having far-reaching consequences. Ill-targeted cyber weapons can easily spread into related regions or systems. Call it collateral cyber-damage.

The U.S. Cybersecurity and Infrastructure Security Agency and FBI said in a joint warning over the weekend that they expect this may happen.

“Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries,” they said.

Digital attacks have already been taking place: Ukrainian government, foreign ministry and state service websites went down before Russia’s invasion. Plus, a “wiper” attack also hit a Ukrainian agency and a financial institution.

“Since there’s so much shared infrastructure in the world, the likelihood of that spilling over and affecting other people is very high,” said Sean Gallagher, senior threat researcher at cybersecurity company Sophos. “The internet knows no boundaries.”

Don’t believe it?

For example, the 2017 NotPetya ransomware attack began in Ukraine. It was eventually attributed to Russia, got out of hand and spread worldwide. That same year, North Korea launched the WannaCry attack that eventually affected systems in 150 countries.

“We have seen multiple cases where cyberweapons like that have gone out of control … and spread themselves,” Gallagher said. “That’s a distinct possibility here.”

Robert Lee, a former NSA hacker and co-founder of Drago, says, “There’s only one country out there that actually has expertise in taking down electric power systems and that’s Russia.”

So what to do?

Experts emphasize many of the same safety measures we are already familiar with. Basic cyber-hygeine such as using strong passwords is important. So is minimizing the reuse of passwords. (A password manager can help with both.) Install software updates and patches ASAP. And turning on two-factor authentication for logins and backing up computers will go far.

And be on guard against phishing attacks and to avoid clicking links and attachments you didn’t expect to receive.

For individuals and small organizations, Avast Endpoint Protection for Small Business is an affordable, easy-to-use all-in-one safeguard. They also have a good free Antivirus for the home. Of course, it lacks some of the features of paid solutions, but it’s quite solid.

There’s also many versions of Check Point Harmony, Emsisoft AntiMalware for Home and Business Security. And up in the high-end there’s the large Sophos Intercept X Advanced family, FortiEDR, FortiEDR with MDR, and FortiXDR. To name a few.

So, be careful out there, but don’t be afraid. Use common sense. And if you have any questions about any of this, email us or call Corporate Armor at 877-449-0458. With brands like Fortinet, Sophos, Check Point, Palo Alto and more, we have many weapons for your war against the IT threatscape, and we are ready and able to help! Thanks for reading!