Global cyberwar slowly but surely escalates
The challenge when it comes to cyberwarfare is that there is no Pearl Harbor event that creates enough awareness around which to rally a defense. Instead, it appears a steady stream of more diffuse attacks is steadily escalating with each passing day as the conflict between Russia and Ukraine continues to wage.
The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA), with contributions from industry members of the Joint Cyber Defense Collaborative, have issued a joint advisory to remind organizations of the threats to critical infrastructure that Russia poses.
The advisory includes technical details on malicious cyber operations by actors from the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM). In addition, details of attacks involving Russian-aligned cyber threat groups and cybercrime groups are provided.
These threats to critical infrastructure go well beyond attacks against, for example, a power grid. VMware has separately published a survey of 130 security leaders in the financial services sector that suggests more cyberattacks designed to undermine the integrity of public markets are being launched by cartels of cybercriminals. Those attacks are targeting market data as part of an effort to manipulate the value of financial instruments such as corporate stocks. Two-thirds of survey respondents (66%) report they are seeing attacks that specifically target market strategies. A quarter of those attacks (25%) were primarily aimed at market data, with 44% of those identifying Chronos attacks aimed at manipulating time stamps to impact market positions. Nearly two-thirds of respondents (63%) also report an increase in brokerage account takeovers.
Many of these attacks are being launched by cyber cartels affiliated with nation-states such as Russia, noting many are trying to raise funds to lessen the impact of sanctions levied in the wake of the Ukraine invasion, the report surmises.
CISA is recommending that organizations regardless of size harden their IT environments by following the guidance it has previously made available via a Shields Up initiative. Recommendations include:
- Validate all remote access
- Implement multi-factor authentication
- Prioritize software updates
- Disable all ports and protocols that are not essential for business purposes
- Review cloud security practices
Other recommended measures include:
- Ensure cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior
- Enable logging to better investigate issues or events
- Make sure the entire network is protected by antivirus/antimalware software and that signatures in these tools are updated
- Create a crisis-response team
- Assure availability of key personnel
- Conduct a tabletop exercise to ensure that all participants understand their roles
- Make sure industrial control systems can remain operational in the event of a loss of network connectivity
- Test backup and recovery procedures
Business and IT leaders are also advised:
- Include CISOs in business strategy
- Lower reporting thresholds
- Actively participate in incident response testing
- Make sure there is a larger business continuity strategy
- Plan for the worst-case scenario
In effect, CISA is advising organizations to be on a war footing. It is even going so far as to provide free cyber hygiene services, including vulnerability scanning, to help organizations improve their cybersecurity posture.
Cyberattacks, of course, are being launched against Russian assets as well. The cybersecurity activist group Anonymous, for example, has claimed responsibility for several data leaks and the disabling of prominent Russian government, news, and corporate websites. Government agencies around the world are also lending support to the Information Security and Cybersecurity Service in Ukraine. A global cyberwar is clearly underway regardless of whether anyone takes the time to officially declare it.