The U.S. Cybersecurity and Infrastructure Security Agency issued a “Shields Up” alert ahead of Russia’s invasion of Ukraine on February 23. It warned IT departments worldwide to be vigilant for suspicious activity that could cause disruptions to their businesses or government operations. Wedbush, a technology consulting firm, confirmed the alert and issued a report warning U.S. financial institutions, enterprise data centres and logistics companies to be prepared for Russian-directed cyberattacks.
Except for a few denial-of-service attacks and wiper malware, which deletes data from a computer, the Kremlin’s hacker army has been relatively quiet since the invasion. Chris Krebs, a partner in the Krebs Stamos Group and former head of CISA, stated that Russian restraint won’t last.
Krebs explained that as the West’s economic sanctions increase and harm Russia’s economy, there could be retaliation in which the Russian government says, “Hey, you hit our banks, so we’re going to hit your banks.” There could also be other techniques or actors involved outside of official agencies, such as ransomware gangs.
CBS MoneyWatch spoke to Krebs about Russian cyberattacks. He said that the internet has restructured the space between us. Even though Ukraine may seem far away, companies should remain alert. This interview has been edited to be more concise and clear.
How could Russia attack the U.S. through cyberattacks?
Chris Krebs: First, it’s important to note that I don’t know of any intelligence to indicate an imminent attack. These advisories are based on an historical understanding of Russian cyber activity that targets the West. They have targeted the power grid in Ukraine. In 2015 and 2016, Russia shut down the electricity grid during winter.
Russia also employed other methods, such as software supply-chain attacks. The Russians were able, for example, to hack accounting software and gain access to global businesses.
Cyberwar is a hot topic right now. Is this a real threat?
Mythology has been built around Cyber Pearl Harbor and Cyber 9/11 to create images of exploding buildings and pipelines.
Cyber as a military capability at this stage in the Russia-Ukraine conflict is clearly not near the kinetic world of bombs. Cyber is not killing anyone right now. We need to take a step back and think about the severity of the threat. It’s clear that there is a risk and that there is a threat. Cyber is clearly not at the same level as fighter jets, missiles, and other types of aircraft.
However, if you look at the wider attack surface, whether it be your phones, computers, servers, or cloud-based software, those are all things that a bad guy can exploit. This could include stealing intellectual property and sensitive data, as well as locking down networks with ransomware.
The United States is a global leader in technology innovation. We are the world’s leading innovator in connecting devices to the internet. There are many questions I get about our vulnerability. Everyone is exposed to some degree. The important question is, “How resilient are we?” It’s about trying to do the best possible on both the protection and prevention side. But, we must also remember that there are bad days.
How quickly can you identify, isolate, and respond to security incidents? Are you able to continue operating and performing critical functions? It is not about stopping all threats.
CBS News, the Associated Press and other news agencies have reported that Russia has launched propaganda campaigns on social media. How resistant are the U.S. social media networks to disinformation?
I am aware of some of the efforts made by social media platforms (Facebook, Twitter) to increase their monitoring in order to detect fraudulent campaigns and other suspicious behavior. They can be disguised as someone else or post false information. The U.S. social media networks have done an excellent job so far. Last week, Facebook announced that they had discovered covert activity in which hackers based in Belarus tried to compromise journalists’ accounts and government officials in Ukraine. They then took over these accounts and posted fake videos and fake news about Ukrainian soldiers. This is an example of such techniques being used.
Another aspect is that social media platforms are trying to decrease the number of viewers of RT or Sputnik, two well-known state-sponsored media outlets in Russia. Brad Smith, Microsoft president, announced last week that Microsoft would de-rank or delist state media from Bing search results. These are crucial steps technology companies can take.
What lessons can government agencies and businesses learn from this time of increased cyber activity?
Let’s be clear: We are currently in uncharted territory. This is not a business-as-usual situation. It’s not clear that many companies have developed well-designed playbooks for events of geopolitical gravity like what we are seeing now.
Consumer brands are responding. Formula 1 has canceled its Russian circuit. FIFA has suspended Russia’s participation in the 2022 World Cup. The same goes for Russia and Eurovision, which is a popular music program.
Security researchers and ethical hackers are mapping Russian supply-chain links in terms of hard infrastructure. Anyone profiteering from war will be called out.
It is important for business leaders to think about whether they have connectivity and what kind of engagement they have with Russia. The real responsible corporate leaders should be supporting Ukraine right now, as history will judge us all. This is the place to be.
How does cyber conflict’s future look?
According to Thomas Friedman, the world is flat. The internet has smashed the boundaries between us. Even though Ukraine may seem far away, companies should remain alert. We are connecting with Ukrainian citizens on a very personal basis. We need to make sure that we don’t fall for the misinformation that is out there.
Bad cyber actors are not limited to large corporations and government agencies. It’s possible that ransomware hackers could strike back in retaliation as sanctions continue to be imposed on Russia’s economy. One group has indicated that it was saying that Russia would be attacked if they attack it. We will also respond by going after your critical infrastructure.
This is because the actors may not be strategic. They aren’t necessarily looking for the money-rich or the money-strapped organizations. They’re opportunistic. There is some risk, regardless of whether the victim is in New York City, or Omaha, Nebraska.