As the Ukrainian government makes a final stand to hold its capital of Kyiv against invading Russian forces, the FBI, along with national and cyber security experts, warned Western companies to raise their security alert status and recognize the ongoing threat of Russian attacks through cyber warfare.
1819 News spoke to cyber security expert Jacob Waltz, CISSP, to assess the threat to the US. Waltz is the CEO of Intraframe US and a cyber threat intelligence analyst based in Memphis, TN. He says the threat is not limited to Ukraine.
“When you have a nation like Russia conducting cyber operations at that scale against a nation like Ukraine, it could still affect a great deal of infrastructure that could disrupt the rest of the world,” said Waltz. “Just because they are targeting one particular nation, that doesn’t mean the damage will be contained to that nation.”
Waltz's comments were prescient. On Friday, two days into the invasion, The Telegraph reported that NVIDIA (stock symbol: NVDA), a U.S.-based manufacturer of semiconductors, was the target of a massive ransomware attack blamed on Russian state actors.
Additionally, flash bulletins were circulating through the intelligence community, warning of a statement from the Conti ransomware group. According to the bulletin, the group announced its full support for the Russian government and vowed that any cyber-attacks or “any war activities against Russia” will result in retaliation targeting critical enemy infrastructure.
The bulletin came after former Secretary of State and Democratic presidential candidate Hillary Clinton made multiple appearances on MSNBC advocating for cyber-attacks on Russia.
“I think we could also be attacking a lot of the government institutions and, again, the oligarchs and their way of life through cyber-attacks,” said Clinton.
Newsweek detailed an FBI report from February 20, warning of the likelihood of Russian cyber-attacks. The report attributed the increased cyber threat risk to the deteriorating security situation on Ukraine's border.
"Due to the increased threat of Russian military action, the security situation in Ukraine could deteriorate with little notice," the report said. "The United States, along with its Allies and partners, has underscored its readiness to impose significant costs on Russia if it takes further military action against Ukraine, potentially further increasing the volume/severity of Russian APT cyber activities."
1819 News asked Waltz about the connection between cybercriminals and the Russian military.
“There is evidence that Russian-backed actors are also working with actors in the cybercriminal underground community. Those are the people that typically deploy ransomware. While some cybercriminals are operating for financial gain, others operate at the direction of the Russian government.”
The FBI report affirmed Waltz's contention. According to the report, Russian actors "have used spear-phishing and brute force cyber network attacks (CNA), while exploiting known vulnerabilities against accounts and networks with weak security."
While the public and defense sectors are obvious targets for Russian attacks, Waltz explained which areas of the private sector are the most likely targets of cyber-attacks.
“In the private sector, the medical and banking industries, they should be very cautious about nation-state actors from Russia, because there is always incentive for Russia to infiltrate private businesses and obtain sensitive information,” said Waltz.
According to the FBI, "Russian APT actors have targeted a variety of U.S. and international critical infrastructure, including entities in the Defense Industrial Base, Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors. Finally, Russian malign influence actors have and continue to use social media accounts, overt and covert media connections, and message amplification to articulate narratives designed to exclude or isolate groups from one another."
So, what can businesses and institutions do to protect themselves?
“We really have to up our game in the realm of cyber security. There are many simple things that can be done, strong password policies, multi-factor authentication, good patch management, that can make a drastic improvement in security posture,” said Waltz.
“What I recommend all organizations to do is conduct an organizational risk profile. Ask what assets are essential and decide the best way to protect those assets.”