Organizations must remain proactive about cybersecurity given the increased threat activity occurring worldwide. From the most recent Okta breach to the Russian threats, organizations and individuals should be actively hardening their technology environments rather than waiting to react.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Shields Up alert warning American companies about the risk of increasing Russian hacking attempts targeting essential services and critical infrastructure. Cyberattacks on critical infrastructure and government targets within Ukraine have accompanied the unprovoked invasion of the country.
The types of attacks documented by the media to date include mass DDoS and the data-wiping HermeticWiper malware. In addition, the U.S. and U.K. have jointly released an advisory on Cyclops Blink, malware attributed to the Russian state-sponsored Sandworm group. Cyclops Blink is a Linux Executable and Linkable Format (ELF) binary built for network devices; it uses standard Linux API calls to download files, execute commands, and maintain persistence on victim devices. According to the government agencies, the malware has been deployed since at least June 2019 in a botnet built from small office and home office (SOHO) network devices. It is modular: its built-in modules can upload and download files on infected devices, and new modules, and thus new capabilities, can be added over time.
CISA, in conjunction with other government agencies including the U.S. Department of Homeland Security, the military, law enforcement, and the U.S. Intelligence Community, is monitoring the threat environment around the clock to evaluate current activity and the threat situation.
The U.K.'s National Cyber Security Centre (NCSC) has issued a list of security measures to take as threat levels increase. The list is a solid set of actions for everyone from individuals to enterprise organizations to consider. Other international security organizations have also issued warnings.
As a result of the increasing threats from Russia, President Joe Biden has urged U.S. companies to be on high alert, citing "evolving intelligence" that Russia is exploring options for potential cyberattacks targeting critical infrastructure. His statement reads, "If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year."
The threat of hacking critical infrastructure is not new, but it is concerning because of the severity of the potential consequences. On March 24, the U.S. Department of Justice (DOJ) unsealed indictments against three officers of Russia's Federal Security Service (FSB) and an employee of a Russian military research institute for past attacks against critical infrastructure providers. The indictments describe attacks between 2012 and 2018 that targeted hundreds of companies in 135 countries, using the Triton and Havex malware families against industrial control systems (ICS). Triton was designed to tamper with safety instrumented systems (SIS), the controllers that bring a plant to a safe state when a process goes out of bounds; Havex was used to map and collect data from supervisory control and data acquisition (SCADA) networks. Both campaigns targeted energy sector organizations such as power plants and oil and gas companies. The incidents date back to 2012 and illustrate that critical infrastructure in the U.S. has been under siege from hostile nations for a decade. The challenge in the current environment is that a well-resourced, state-backed adversary can infiltrate a trusted network and persist there for years without detection, lying in wait until it chooses to make enough noise to be noticed.
According to Reuters, the FBI has confirmed that Russian hackers have been scanning energy companies and other critical infrastructure in the U.S. Although scanning is a constant background problem for critical infrastructure operators, the frequency and persistence of these scans have increased significantly since the start of the Russian invasion of Ukraine. Organizations should continue to take the necessary steps to secure their environments.
Stephanie Benoit-Kurtz is lead area faculty chair for cybersecurity programs at University of Phoenix and Principal Security Consultant at Trace3.