“Evolving intelligence” shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said — but researchers warn that many orgs are not prepared.
The Russian government is exploring “options for potential cyberattacks” on critical infrastructure in the U.S., the White House warned on Monday, in retaliation for sanctions and other punishments as the war in Ukraine grinds on.
Officials said that its latest intelligence shows cyber-related “preparatory activity” on the part of President Vladimir Putin’s government, though White House deputy national security adviser for cyber and emerging technology Anne Neuberger emphasized that no concrete threat has been identified.
“To be clear, there is no certainty there will be a cyber-incident on critical infrastructure,” she told reporters during a briefing. She added, “There is no evidence of any specific cyberattack that we are anticipating. There is some preparatory activity that we’re seeing and that is what we shared in a classified context with companies who we thought might be affected.”
That observed prep work includes vulnerability scanning and website probing, she added, declining to add any specifics. She noted that officials were holding more detailed classified briefings with organizations they believe could be targeted.
“The current conflict has put cybersecurity initiatives in hyperdrive, and today, industry leaders aren’t just concerned about adversaries breaching critical infrastructure but losing access and control to them,” Saket Modi, co-founder and CEO at Safe Security, said via email.
In tandem with the briefing, the White House released a cyber-preparedness fact sheet, and President Joe Biden issued the following statement:
“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.”
The fact sheet contains basic advice for hardening cyber-defenses, including employee awareness education; implementing multifactor authentication; keeping patching up-to-date; ensuring backups for data; turning on encryption; red-team exercises; and updating security tools.
“This is a call to action and a call to responsibility for all of us,” Neuberger said, again citing a “potential shift in intention” by Russia.
Organizations Are Not Prepared for Russian Attacks
Jason Rebholz, CISO at Corvus Insurance, noted that basic cyber-hardening should have begun long ago.
“The White House’s best practices echo security fundamentals – something every organization should strive for,” he said via email. “For many organizations, the time to implement was several years ago, as the frequency and severity of attacks began to escalate. Like planting a tree, the best time to secure your organization was ten years ago. The next best time is today. Organizations that have not addressed the key items and hardened their cyber-defenses are at a significantly greater risk of compromise.”
Beyond the basics, there are other challenges in being prepared for an onslaught from Russia’s considerable cyber-arsenal, Modi said.
“While governments and businesses have started pivoting towards proactive cybersecurity, it is difficult to do so without addressing the three major challenges in cybersecurity that organizations face,” he explained. “There are too many cybersecurity products that do not communicate with each other, and this siloed approach leads to managing cybersecurity reactively. Finally, despite increased attention on the need for a better disclosure mechanism of cyberattacks, cybersecurity communication continues to be a challenge since it often lacks a business context.”
Meanwhile, Danny Lopez, CEO at Glasswall, pointed out that the real risk involves zero-day exploits and other unknown threats.
“Putin is playing a long game. War is costly both in terms of human and economic terms. If we see a de-escalation of the situation on the ground, we are likely to see an escalation of cyber warfare,” he told Threatpost. “There are no patches for [unknown zero-day] and they wreak havoc within hours, whilst the security services and technology industry tries to catch up. These are extremely dangerous to governments as well as businesses.”
The bottom line is that organizations should assume that attacks are imminent, researchers concluded.
“It is a confusing time that involves two nations that have historically possessed and demonstrated very good skills in the cybersecurity and cybercrime areas,” noted Purandar Das, co-founder and CEO at Sotero, via email. “Countries under duress have and will utilize cyberattacks as a way to retaliate and to get around sanctions. The U.S. being the face of such sanctions and a history of poorly protected infrastructure make it a tempting target. Add all this together and the warnings make a lot of sense.”
Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our FREE downloadable eBook, “Cloud Security: The Forecast for 2022.” We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.