U.S. companies, especially in the defense industry, must be prepared for an increase in cyberattacks aimed at data theft or disruption of operations as a result of Russia’s new aggressive activities against Ukraine, a senior Justice Department spokesman said Thursday. The comments come within a day of a new alert from the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency, or CISA, warning that Russian hackers have hit defense contractors and are likely to continue their attempts.
“Given the very high tensions we are experiencing, companies of any size would be foolish not to prepare right now while we are talking to increase our defenses, do things like fixes, increase our readiness, monitor in real time their cybersecurity,” Deputy Attorney General Lisa Monaco said during the Munich Security Conference.
Asked whether the escalation of the conflict between Russia and Ukraine could affect utilities, businesses or other facilities outside of Eastern Europe, Monaco recalled what had happened a few years ago. In June 2017, Russian troops deployed a cyber weapon called NotPetya against Ukrainian infrastructure, but it quickly spread to a wide range of other facilities around the world, including U.S. hospitals, costing an estimated $10 billion in losses. “As you know … the events that followed the attack on NotPetya a few years ago were considered very hypothetical. This attack started in Ukraine and really spread to the whole world,” Monaco said.
Ukraine has significantly increased its military capabilities since Russia first launched a war against the country in 2014. All this modern equipment is already a target for operations by Russian special services against Ukrainians and American companies, Josh Lospinosa, CEO and co-founder of cybersecurity company Shift5, told Defense One. Lospinosa spent more than a decade penetration testing American military electronics while in the military. Over the past few years, Ukraine has taken possession of key pieces of new military equipment, including Turkish-made attack drones, used U.S. Coast Guard patrol boats and An-178 transport aircraft, all potentially vulnerable to Russian infiltration.
Take the transport plane: it probably contains dozens of modern electronic systems that constantly send and receive vulnerable data, Lospinosa said. “This is a modern aircraft. It’s flying on wires. It has dozens of digital components that are responsible for its operation. There are transceivers for all modern aircraft protocols, broadcasting GPS-dependent surveillance. I mean, it’s all digital data flowing back and forth from other planes to the ground to critical avionics subsystems, right? I’ll tell you from experience that every system I’ve ever seen has vulnerabilities, and it’s just a matter of whether someone searched hard enough and, you know, made an effort.”
Russia already has a huge advantage due to its wealth. The more money you can spend on computer or electronic equipment – equipment that is easier to get your hands on when a military is rapidly acquiring foreign equipment to respond to an impending invasion – the better your odds.
“If Russia can buy Ukrainian military equipment – I have to assume that it is much easier than finding an F-35 avionics computer – it will have many more opportunities to develop a kind of viable cyber attack against systems,” Lospinosa said.
This does not necessarily mean that all the equipment used by Ukrainians will break when first turned on. It depends on where on the network attackers are able to establish a presence. Often, after gaining access, attackers will move laterally between devices on the network, orienting themselves and trying to figure out where to go to find more information or avoid detection.
“After the initial access comes a period of discovery, when you find out, ‘Okay, where did I land? Did I steal my credentials? Were … able to access a bunch of laptops for maintenance?’ or ‘I have this radio that we were able to buy, which fell somewhere from the truck, and we did reverse engineering, and we found an opportunity to enter data into it’ … There is this vector of initial access … then the question becomes, well, well, what can we do about it?”
In many cases, the answer may be to wait and watch how other players operate online. Consider how, in 2014, Russia was able to steal an application that Ukrainian soldiers used to target artillery fire and, through malware infection, use the same program to find Ukrainian targets and target them.
In military technology, user behavior can also provide valuable human intelligence, Lospinosa says. “The more you can observe the human layer on top of this technology operating in conflict, you’ll see all sorts of potential vulnerabilities in terms of attackers, like, ‘Oh boy, well, that’s how we get caught if, you know, such and such will do the usual scanning on Mondays.’”
In general, according to him, both Ukraine and the United States should assume that Russia has already found vulnerabilities in almost all electronic equipment they use, and will continue to look for new ones.
“It’s just a textbook Russian tactic not only of plausible denial, but also of asymmetric warfare.”
https://www.defenseone.com/technology/2022/02/us-companies-warned-prepare-russian-cyber-attacks/362172/ US companies warned to prepare for Russian cyberattacks