FBI Prepares for Russian Cyberattacks
March 15, 2022 by Seb Guerriero
As the U.S. and its NATO allies stand behind Ukraine against Russia’s attack, the FBI warns of a probable increase in retaliatory cyberattacks against the U.S.
“Local governments and agencies are responding to warnings from the FBI that cyberattacks have the potential to escalate and disrupt essential services and business as tensions rise between the United States and Russia over the invasion of Ukraine,” according to an article published by Spectrumnews1.com.
David Ring, an FBI cybersecurity official, informed local and state government officials and private executives this week that as the U.S. tightens sanctions against Russia, a cyberthreat response in retaliation is possible. "Russia is a 'permissive operating environment' for cybercriminals — one that 'is not going to get any smaller' as Russia's confrontation with the West over Ukraine continues and further sanctions are announced" (CNN, "US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions").
According to The Hill, the Cybersecurity & Infrastructure Security Agency (CISA) stated, "While there are no specific or credible cyber threats to the U.S. homeland at this time, we are mindful of the potential for Russia’s destabilizing actions to impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization — large and small — must be prepared to respond to disruptive cyber activity" ("Cyber officials urge agencies to armor up for potential Russian attacks"). Nearly 74% of all money made through ransomware attacks in 2021 was linked to Russia-based cybercriminals (ibid Spectrumnews1.com).
Homeland Security is advising local governments to implement the “Shields Up” initiative, a directive by the Cybersecurity and Infrastructure Security Agency (CISA) for all organizations to adopt a heightened posture on cybersecurity and the protection of critical assets and data (ibid Spectrumnews1.com). CISA recommends that network administrators review CISA's Russia Cyber Threat Overview and Advisories page for additional insight into Russian state-sponsored malicious cyber activities (ibid Spectrumnews1.com).
The FBI, in conjunction with CISA and the National Security Agency, is encouraging the cybersecurity community to adopt an elevated state of awareness, conduct proactive cyberthreat hunting measures, and implement mitigation protocols as identified in the joint Cybersecurity Advisory (ibid Spectrumnews1.com). Sophisticated cybercriminals, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms.
Chris Seidt, director of information technology for Louisville Metro Government, said cyberthreats "can disrupt not just city operations but also affect the supply chain or services citizens need, delivered by the city or by private businesses. There are nation-state actors that have very robust hacking teams that are highly skilled, and certainly Russia falls into that wheelhouse of being highly skilled at infiltrating other systems" (ibid Spectrumnews1.com).
"I think we’re all just on heightened awareness, looking for anomalies, because the one thing a good hacker will do is pivot through other systems they've already compromised. You can't just count on the attack coming straight to you from a known bad actor. A lot of times, they'll compromise a different organization or come from a different path that you weren't expecting; we're always adapting and defending against that" (ibid Spectrumnews1.com).
The FBI suggested that local, state, and federal governments, agencies and organizations be on "heightened alert" not only for threats but also for "indicators of compromise, such as known malicious IP addresses and file names so cities could tune its defense systems to prepare for them" (ibid Spectrumnews1.com).
The FBI Liaison Information Report (LIR) from Feb. 20 "also called on the U.S. private sector to be prepared for potential state-sponsored cyberattacks to be launched by Russia" (ibid Spectrumnews1.com). "The FBI Cyber Division, in coordination with the FBI's Office of Private Sector (OPS), prepared this LIR to inform the private sector about the threat of Russian state-sponsored advanced persistent threat (APT) cyber activities" (ibid Spectrumnews1.com).
"While tensions with Russia are heightened," according to the report, "the FBI is engaging in efforts to support the U.S. response and to secure the homeland from any Russian actions. Historically, Russian state-sponsored APT cyber activities increase when tensions are high with Russia" (ibid Spectrumnews1.com).
Local governments, agencies, and private organizations can proactively take steps to detect threats and prepare should an incident occur. CISA recommends that they review CISA Insights: Preparing For and Mitigating Potential Cyber Threats and take immediate steps to strengthen their computer network defenses against potential malicious cyberattacks.