The Russian Cyber Threat and How to Mitigate the Risks

In the build-up to Russia’s invasion of Ukraine, almost every media outlet and cybersecurity expert – including us – warned that a Russian war would inevitably turn into a cyberwar. Two days before the attack, Britain’s National Cyber Security Centre (NCSC) warned of “international consequences” and called on UK organizations to “strengthen their online defences”. On February 24, the day Russia invaded Ukraine, CNN reported that the United States was preparing for Russian cyberattacks.

It has been four months since Russia launched a full-scale invasion of Ukraine. To date, fears of large-scale nation-state attacks that cripple critical infrastructure and disrupt international banking systems have proven largely unfounded for much of the Western world. That said, recent notable attacks by Russian criminal groups on Italy, Greenland and Costa Rica have caused massive damage and serve as a continuing warning of Russia’s cyber capability.

During the build-up to the war, most experts predicted that it would only take a few days or weeks before Ukraine fell entirely into Russian hands. In the United States, Chairman of the Joint Chiefs of Staff General Mark Milley told congressional leaders the country would fall within 72 hours.

The whole world grossly underestimated Ukraine’s fighting strength. However, it did not grossly overestimate the Russian cyber threat. Yet despite Russia’s undeniable offensive cyber capabilities, all things considered, the Kremlin has not stepped up its devastating cyber warfare against the West since its military invasion began – despite unprecedented sanctions. Above all, it has allowed its state-aligned strike groups to go after countries that lack strong retaliatory capabilities, such as Italy, Greenland and Costa Rica.

Russia is not a sleeping bear

In 2017, Russia deployed the NotPetya malware. The attack started in Ukrainian accounting software and quickly spread around the world. It left a trail of damage and disruption that cost billions of dollars. When the current war broke out, many feared a similar-style attack that could leave the West reeling, and indeed Ukraine has seen a series of disruptive cyber operations. Website defacements, DDoS attacks, and cyberattacks that deleted data from government computers are all part of the hostilities. These attacks are disruptive: they destroy power grids, disrupt the banking system, media and infrastructure, and shut down communication networks and satellites.

Attacks emanating from Russia include domestic-level sophistication. Military cyberattacks outside Ukraine include Costa Rica, where the entire country has been paralyzed; Italy, where entire regions have shut down; and Greenland, whose health care has been taken offline.

Attacks inside Ukraine consumed the resources of Russian government attack units overseen by the GRU, FSB and SVR. Attacks outside of Ukraine have mostly been carried out by ransomware groups (state-aligned but not state-sponsored).

Having extensively studied Russia’s cyber capabilities and motives and seen the patience and endurance shown by its stealth attacks, we believe that Russia is constantly ensuring that it has plenty of stealth hardpoints in the world to detonate if it wishes. Obviously, we cannot see them; they leave no footprints and there is no impact until they run.

Yet cybersecurity experts around the world are wondering which countries that have supported Ukraine militarily will be the next to suffer this cyberaggression.

Waiting for another moment to attack

Rob Joyce, director of cybersecurity at the National Security Agency, believes there has been sustained cyberconflict since the war began. Paul Chichester, director of operations at NCSC, called the cyber clash between Russia and Ukraine “the most sustained set of cyber operations clashing with the best collective defense we have seen”.

The US State Department has speculated that Russia has not pursued more Western cyber targets such as the US and UK, as it does not wish to fight a two-front war. We suspect that the Russians have not reduced their capabilities, but are simply waiting for another moment to attack.

How should organizations react

Businesses, governments, critical infrastructure utilities and other organizations need to guard against complacency. Nation-state attacks originating in Russia are powerful. The attackers have proven capable of hacking into the US power grid in the past and have interfered with elections in the US and Germany.

If nothing else, they’ve proven just how dangerous they can be, and as the war continues to drag on, it’s unclear what Russian President Vladimir Putin might do. His seemingly erratic behavior throughout the tensions with Ukraine could lead him to order attacks against some of Ukraine’s allies.

Organizations in Europe and North America need to upgrade their security posture as soon as possible. Adopting additional levels of preparedness, response and resilience is essential to counter the risk of a Russian cyberattack.

Proactive activities, such as tabletop exercises simulating destructive attacks, can help identify weak points in organizational security deployments, as well as flaws in incident response processes.

Backups should be verified to ensure that they are resistant to attacks and that access to backups is sufficiently limited. If some elements of the supply chain are connected to Ukraine, it is recommended to adapt permissions and strengthen access control policies or use alternative software to isolate the company from risks.

Above all, it is crucial to apply national-level defense plans that use attacker methods and motivations to enhance security countermeasures.

For organizations that lack the staff or skills to execute these security measures, it is highly recommended to outsource cybersecurity to a team of experts. These cybersecurity services can go a long way in improving an organization’s security posture and protecting it from catastrophic consequences resulting from attacks. In the battle against nationwide cyberattacks, working with a team of security professionals will help to properly implement these protective measures.

Contact a HolistiCyber expert today to discuss your cybersecurity needs.

*** This is a syndicated blog from HolistiCyber’s Security Bloggers Network written by Leora Pudell. Read the original post at: https://holisticyber.com/blog/the-russian-cyber-threat-how-to-mitigate-the-risks/