The Russian Cybersecurity Threats in the Wake of U.S. Sanctions

March 1, 2022
As Russia increases the ferocity of its military attacks on Ukraine and the U.S. and allied nations impose stiffer sanctions, cybersecurity experts have been sounding the alarm. The Cybersecurity & Infrastructure Security Agency (CISA) issued its "Shields Up" alert in February, warning that Russia will likely retaliate against the U.S. sanctions with cyberattacks on businesses and economic sectors. CISA urged businesses to prepare for attacks including malware, distributed denial of service (DDoS) attacks, and misinformation, disinformation, and malinformation (MDM) campaigns.

Long gone are the days when a war on the other side of the world stayed on the other side of the world. Now, government and industry leaders have to be prepared for cyberwarfare that spills over into cities and businesses. Cyberattacks are more than just an annoyance, as we saw with the 2021 Colonial Pipeline attack. These attacks take down operations, bring commerce to a halt, disrupt supply chains, and put civilians at risk. In cyber warfare, civilians can become casualties even when they are not the direct target. If Russia goes after Boeing, for example, there will be ancillary victims as well.

The Russian government knows this. That's why it has already hit Ukraine's banking system and critical infrastructure. In the U.S., the FBI is preparing for similar attacks. Fortunately, companies and organizations can protect themselves, but they have to work fast.

First Steps

If you are a business owner or the head of IT for an organization and you haven't already beefed up your cybersecurity, what can you do in the wake of the CISA warning? If you take away anything from this article, it's two things:

● Start now.

● You don't have a lot of time.

I recommend that IT security leaders review their backup and continuity plans for an attack. Can the company fail over to a separate system if its network is compromised? Can business continue on an alternate platform? A backup plan is only useful if it is in place, tested, and ready to go: that means backups are kept where an attacker who owns the network cannot reach or encrypt them, and restores have actually been rehearsed, not just assumed to work. That is essential to minimize disruption.

Do you have an incident response plan? If not, develop one right away. Your company needs to know who will make the decisions in the aftermath of an attack, what those decisions are, and who you need to contact for the next steps. This includes your law enforcement and forensics contacts, your third-party security providers (if you have them), and other stakeholders. Keep a copy of the plan and the contact list somewhere reachable when your network and e-mail are down.

Have employees been notified of the threat? Enlist their involvement. Companies that run phishing tests once a quarter to train employees to handle suspicious links in e-mail may want to run a few more tests to keep security top of mind. As the CISA alert advises, make sure everyone in your organization is on high alert.

This is especially important in the case of MDM attacks – these Russian misinformation campaigns have already been shown to be highly effective in global markets.

If your company hasn't already partnered with CISA and other federal agencies, now is the time. Building a relationship with these agencies lets you stay abreast of global incidents through timely security reports and other resources that can help you secure your business.

Major Targets

Several industry sectors are likely to come under Russian cyberattack if they haven't already. These sectors include the financial markets, manufacturing, the supply chain, infrastructure, and healthcare. If companies or organizations in these sectors are compromised, the result can be serious economic and civilian hardship.

Financial services -- I expect the financial sector to be among the first targets. This will be a direct response to economic sanctions, a tit-for-tat attack, so to speak. Russia won't focus only on the U.S. The European Central Bank has also warned banks to prepare for Russian cyberattacks.

Large financial corporations likely have significant cybersecurity operations in place. Now is the time to review those operations and make sure that all leaders understand the incident response plan. They should have conducted a security audit, patched any outstanding vulnerabilities, and strengthened their defenses. Russian hackers are persistent; if they are blocked in one area, they'll keep probing for a weakness elsewhere.

Manufacturing and supply chain -- The U.S. manufacturing sector relies on both Russia and Ukraine for products such as airplane parts and semiconductor inputs. A war will certainly disrupt the supply chain for companies that rely on these products. Further disruption via a cyberattack can cause operations to grind to a halt.

Russia can focus its attacks on small third-party suppliers and be far more effective than if it tried to stop a Boeing or similar corporation in its tracks. These small suppliers are less likely to have robust cybersecurity programs in place. By attacking small shops, Russia can effectively stop big conglomerates.

Russian hackers are very good at finding and exploiting known vulnerabilities that should have been patched but weren't.

Healthcare system -- Our healthcare system is uniquely vulnerable to cyberattacks, and patients could suffer serious health impacts if Russia targets hospitals and healthcare providers. Healthcare employees are under pressure from the COVID-19 pandemic, which can make them more susceptible to social engineering and phishing attacks, and the risk to the patient population is also quite high. Cyber and ransomware attacks can cut off access to electronic health records, scheduling software, and patient information. They can also disable medical devices, because medical equipment has become increasingly sophisticated and increasingly networked as part of the Internet of Things. With that connectivity comes risk: hospitals can be compromised through these devices. Basically, any piece of equipment with an IP address is a potential point of compromise and belongs in your asset inventory and patching plan.

Transportation and critical infrastructure -- As I’ve mentioned before, the possibility of cyberattacks on mass transportation keeps me up at night. Such an attack would have the potential for civilian injuries or casualties. Similarly, critical infrastructure such as the electric grid or gas pipelines would also be considered high-risk targets because of the potential for serious disruption or impact on civilians.

Managed security providers -- Many companies and organizations have chosen to contract with a managed security services provider (MSSP). This third-party service is another point of vulnerability, however, and Russian hackers are likely probing the defenses of these providers to find a way into their clients.

Businesses contract with these providers and extend them a high degree of trust, typically including privileged access into the client's own environment. These providers may be based in the U.S. or overseas, in India, for example. They handle all the first-line operations and defense for their clients. Unfortunately, many companies in the U.S. don't do their due diligence: they never investigate the provider's own defenses or account for how much access the provider holds into their environment.

I do understand why companies choose to go this route. Managed security services allow companies to ramp up security capability much faster than hiring internally. So there are financial benefits as well as potential drawbacks.

Next Steps

Maybe you're the IT security manager for a small company that isn't in one of these sectors. Don't breathe a sigh of relief yet. Every organization is vulnerable, because we're all connected and the risks come from everywhere. Attacks by Russia and other state sponsors of cyberwarfare will only become more frequent and bolder as time goes on.

In one sense, your company can use this warning as a wake-up call. It's critical to develop a security culture and mindset. Train employees to be more thoughtful and aware. Teach them not to click on every link in every e-mail. Approach this as an opportunity to strengthen your company's security posture. Conduct an audit. Discover what your company holds most near and dear: Client data? Patient care? Patented product plans? Identify the keys to the kingdom and how your company is protecting them. Or, if they're not protected, how do you put that plan in place? This is especially important when reporting to company leaders who don't have a cybersecurity background. Company leaders must understand what's at stake if they punt on cybersecurity.

Because we’re so reactive, use this situation to push the envelope. Take advantage of the opportunity to promote cybersecurity awareness. Maybe there’s a particular software application that you think will be a great fit for your company’s security needs. Or there’s a security conference that you’ve always wanted to attend. Now is the time to make the case for taking these steps and boosting your company’s defenses.

Conclusion

When I first heard that Russia was massing troops on Ukraine’s border, my first thought was, how would the United States react, and whether or not we had the backing of other nations as well. History tells us that when we have more of a united front, Russia is more likely to do a show of force, but not necessarily act on that. But when we don’t have a solidified front, they’re more likely to dip their toe in the water.

Knowing Russia's cyberwarfare capabilities, the potential impact on the manufacturing and supply chain positions of both Russia and Ukraine, and how much the world relies on those positions, it became clear to me that the potential was not just for military warfare but for cyberwarfare.

With foreknowledge, however, there's the opportunity to prepare for potential attacks and keep your business safe.

About the Author: Dr. Brian Gant is an Assistant Professor of Cybersecurity at Maryville University, with over 18 years of corporate and federal government experience in analytics, threat intelligence, critical infrastructure, and executive protection.