DHS memo warns critical infrastructure sector of Russia conducting disruptive or destructive cyberattacks


A DHS memo was issued on Sunday to critical infrastructure operators and local governments, warning of potential cyberattacks launched by the Russian government. The guidance comes in the midst of rising tensions between the two countries over Ukraine.

Russia would consider conducting a cyberattack on the US if Moscow perceived that a US or NATO response to a potential Russian invasion of Ukraine “threatened [Russia’s] long-term national security,” according to a Department of Homeland Security (DHS) intelligence bulletin accessed by CNN.

“Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure,” according to the DHS memo. It also added that “we assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security.” 

Despite the current U.S. tensions with Russia, DHS analysts assess that Moscow’s threshold for conducting disruptive or destructive cyberattacks on the U.S. “probably remains very high,” the memo says. “[W]e have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.”

The DHS memo follows last week’s alert from the Cybersecurity and Infrastructure Security Agency (CISA) notifying enterprises to implement cybersecurity measures to protect against potential critical threats, following reports of the WhisperGate malware wiping out data on Ukrainian computers in a coordinated attack. Users of industrial control or operational technology (OT) systems were directed by CISA to conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

The DHS memo comes as the crisis in Ukraine has proven to be a catalyst for additional aggressive cyber activity that will likely increase as the situation deteriorates, John Hultquist, vice president of threat intelligence for Mandiant, wrote in a company blog post. “Cyber espionage is already a regular facet of global activity, as the situation deteriorates, we are likely to see more aggressive information operations and disruptive cyber attacks within and outside of Ukraine,” he added.

“This warning shouldn’t come as a surprise. The Russian government has a well-known history of sponsoring cyberattacks across the globe, and it has been ramping up its activities in recent years,” Dominick Birolin, vice president of cybersecurity at Rokster, wrote in a company blog post. 

Birolin analyzed Microsoft data on this front. “Its 2021 Digital Defense Report notes that 58% of all cyberattacks observed by Microsoft from nation-states during the prior year came from Russia. Microsoft also reports that the attacks from Russian nation-state actors are increasingly effective – hitting a 32% successful compromise rate in 2021 vs. 21% the year before,” he added.

“The cybersecurity industry has gotten used to tossing around the idea of ‘nation-state’ adversaries, but I think we’ve yet to see cyber attacks used in concert with a full-fledged military campaign,” Tim Erlin, vice president of strategy at Tripwire, wrote in an emailed statement. “DHS’s warning sets that expectation that something has changed in the threat profile, and that organizations should be prepared for a change in the types of attacks they see.”

It’s entirely valid for organizations to wonder what they’re supposed to do differently when faced with this type of alert, according to Erlin. “Cybersecurity calls for constant defense already, and an alert like this doesn’t magically remove the obstacles that are preventing organizations from implementing solid security controls. For most companies, a DHS alert simply doesn’t create budget or add people to their staff,” he added. 

It is considered fairly natural for cybersecurity attacks to accompany kinetic, real-world battles, Roger Grimes, data-driven defense evangelist at KnowBe4, wrote in an emailed statement. “What surprises me a bit is that it used to be that only the directly involved parties…government and government-related contractors and suppliers, had to be worried. But Russia has changed that equation enormously over the last year.”

“Nation-state attacks are happening by the tens of thousands and occurring against organizations with no direct government affiliation,” according to Grimes. “Everyone is apparently a ‘fair target’ these days. It is really a change in the state of nation state attacks and cyberwarfare. And it is permanent,” he added.

In a related development, a group of Belarusian hackers claims to have encrypted the servers, databases, and workstations of Belarusian Railways with the aim of slowing down Russian troop movements, as tensions continue to mount toward a potential Russian invasion of Ukraine.

Cyberattacks from Russian hackers are not new to the U.S. critical infrastructure sector. Earlier this month, the security agencies of the U.S. and U.K. provided advice on countering Russian state-sponsored cyber threats targeting critical infrastructure environments.
