When Russian tanks entered Ukraine last week, military and security experts predicted both conventional warfare attacks (missiles, bombs, shootings) and devastating cyber attacks targeting Ukraine’s critical infrastructure as well as networks. allied countries.
In fact, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a “shield up” alert long before Russia’s invasion of Ukraine on February 23, warning the computer departments of wherever they control suspicious activities that could disrupt their business or government operations. Technology consultancy Wedbush confirmed the alert and issued a report warning the US financial institutions, business data centers and logistics companies to prepare for Russia-led cyberattacks.
Aside from a handful of data denial-of-service attacks and data-erasing malware, the Kremlin’s formidable army of hackers has remained relatively silent since the invasion. But don’t expect Russian moderation to last, said Chris Krebs, a partner in the Stre Krebs Group and former head of CISA.
Like the economic of the West sanctions stepping up and damaging Russia’s economy, Krebs explained, “you may see retaliation when the Russian government says, ‘Hey, you’re hitting our banks, so we’re going to hit your banks.’ They could be different techniques or even and all different actors, outside of official agencies, such as ransomware gangs.
“I think it’s entirely possible that as sanctions continue to be reduced in the Russian economy, ransomware actors can be seen to be retaliated against,” says the former CISA director. @C_C_Krebs. pic.twitter.com/pRkyVLCJp7
– Dan Patterson (@DanPatterson) March 3, 2022
CBS MoneyWatch spoke with Krebs, who said Russian cyberattacks are not limited to Ukraine. “The Internet has collapsed between us. So, although Ukraine seems far away, all companies should be on high alert.” The following interview has been edited for clarity and brevity.
How could Russia attack the US with cyberattacks?
Chris Krebs: It is important to start with the fact that there is no specific intelligence, as far as I know, that indicates that any kind of attack is imminent. They are basing these warnings on a historical understanding of Russian cyber activity targeting the West. In Ukraine, they have gone after the power grid. In 2015 and 2016, the Russians turned off the power grid in the dead of winter.
Russia has also used other techniques, such as the use of attacks on the software supply chain. For example, the Russians were able to exploit accounting software and get into global business.
There is a lot of talk right now about “cyberwar”. How real is this threat?
I think there has been a lot of mythology built around a Cyber Pearl Harbor and a Cyber 9/11, which tries to evoke explosion images of pipes and buildings.
At this point in the conflict between Russia and Ukraine, cybernetics as a military capability is obviously not close to the kinetic world of bombs. The cybernetic is not killing people right now. I think we need to take a step back, maybe take a deep breath on how serious and important the threat is. There is no doubt that there is a risk, there is a threat. But obviously because of the order of missiles and fighter jets and things like that, cybernetics is not approaching that level.
But speaking of the broader attack surface, be it your phones, your computers, your servers, cloud-based software, these are things that a bad guy could blow up. This could mean stealing sensitive data, including intellectual property, and could mean blocking a ransomware network.
The United States is a world-class technology innovator. And as a result, we’re at the forefront of connecting devices to the Internet. I hear a lot of questions about how vulnerable we are. You know, everyone has some degree of exposure. I think the important question we need to ask is “how resilient are we?” Realistically, it’s about doing the best you can when it comes to prevention and protection, but understand that everyone has bad days.
It is important to note how quickly you can detect, isolate, and respond to security incidents. Can you continue to operate and perform critical functions? It’s not about stopping all threats.
There are reports from CBS News, Associate Press and other news agencies that Russia has launched propaganda campaigns on social media. How resilient are U.S. social media to misinformation?
I recognize some of the efforts of social media platforms (Facebook, Twitter). they have increased their follow-up to identify non-genuine campaigns and behaviors. This includes both covert, that is, trying to look like someone else, and open, where you have state media that publish information that is false. So American social media has done a great job so far: Facebook last week announced that it had identified a covert activity in which Belarusian-based hackers were trying to compromise government officials and journalists’ accounts. Ukraine will then take over these accounts and post fake videos and fake news of Ukrainian soldiers. So this is an example of these techniques at play.
And you have another aspect, where social media platforms are taking action to reduce the audience of RT and Sputnik, which are the two well-known state-sponsored Russian media. Microsoft President Brad Smith last week announced steps that included declassifying or removing state media from Bing’s search results. These are important steps that technology companies can take.
What lessons should companies and government agencies learn from this moment of increasing cyber activity?
Let’s be perfectly clear: we are in unexplored territories. This is not a common situation. I’m not sure there are many companies that have well-developed playbooks for an event as geopolitically serious as the one we’re seeing right now.
You see, consumer brands are really responding. Formula 1 canceled its Russian circuit. FIFA suspended Russia from participating in the 2022 World Cup. The same with Russia and Eurovision, the popular music program.
When it comes to hard infrastructure, security researchers and what I call ethical hackers are tracing Russia’s supply chain connections. If anyone is taking advantage of the war, they will call him.
Business leaders should think hard and hard about whether you have any connectivity, what kind of commitment you have to Russia. I think the real culprit business leaders are making a move in support of Ukraine now, because history will judge us all, one way or another. You want to be on the right side of the story here.
What is the future of cyberconflict?
As Thomas Friedman says, the world is flat. The Internet has collapsed the spaces between us. Thus, although Ukraine seems far away, all companies should be on high alert. We are connecting with the citizens of Ukraine on a very personal level. And so we must be careful not to fall prey to any of the misinformation that is circulating.
Not just government agencies and not just big business are the potential targets of bad cyberactors. I think it is entirely possible that as sanctions continue to be reduced in the Russian economy, it can be seen that ransomware actors are being attacked in retaliation. There have been some indications that one particular group said that if you attack us, Russia, we will respond; we will look for your critical infrastructure.
The challenge here is that the actors are not necessarily strategic. They don’t necessarily chase only people with money or organizations with money. They are opportunists. So, whether you’re in New York City or someone in Omaha, Nebraska, if you’re connected to the Internet, there’s a certain degree of exposure to risk.
- In:
- Chris Krebs
- Cybersecurity and Infrastructure Security Agency
- Security hacker
- Ukraine
- Russia
- Cyberattack
Add Comment