Five Eyes Serves Up A New Warning About Russian Cyber Threats

The USA, Canada, New Zealand, the United Kingdom and Australia, known collectively as the “Five Eyes”, have released a warning about Russian state-sponsored actors taking aim at critical infrastructure:

Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.

Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.

This means that attacks are likely inbound on any country that supports Ukraine. And it means that we all need to up our cybersecurity game. To get some color commentary on this, I reached out to Darktrace and got a pair of quotes. The first is from Darktrace’s CEO, Poppy Gustafsson:

“Since the start of the war critical infrastructure globally has been on high alert to cyber-attacks. Russia has previously displayed its ability to get into the heart of critical systems and launch attacks in cyber space that have real-world impacts – such as the attack on Ukraine’s energy grid in 2015. The attack on Colonial Pipeline last year also served as a wake-up call showing defenders of critical national infrastructure that no system is invulnerable to attack.

While we’ve seen examples in the Ukraine conflict of attacks targeting industrial systems, such as Industroyer 2.0, we have yet to see any novel cyber-attacks at scale during the crisis to date. But we can say with a degree of confidence that the Russian state and state-affiliated actors have novel and destructive cyber-attacks in their arsenal and it is only a matter of time before these are deployed.

The warning from the Five Eyes represents another global effort to combat disinformation, and serves as another reminder of the urgency with which defenders must act to ensure their digital assets are protected. We have to think about the people on the other side of these warnings; the people that are responsible for defending critical infrastructure. These defenders can only take a ‘shields up’ approach so far – we must augment security teams with advanced technology that can spot, stop and investigate attacks on their behalf.”

Additionally, I have the following comment from Darktrace’s Canadian Director of Enterprise Security, David Masson:

“The US Government set a precedent some weeks ago by issuing warnings about Russia’s attack plans for the invasion of Ukraine. This was a Five Eyes government releasing intelligence to the public about Russia’s intentions. Our own intelligence agencies have repeatedly warned us about potential Russian cyber-attacks on Canadian critical infrastructure.

In the last twenty-four hours, the head of the Canadian Centre for Cyber Security, Sami Khoury, shared a joint Five Eyes advisory on social media about the “increased risk of malicious cyber activities posed by Russian state-sponsored advanced persistent threat (APT) actors, their proxies, and independent cybercriminal groups.” On American television, the US Deputy Attorney General, Lisa Monaco, said that the Russians are probing critical infrastructure, and she used the analogy of a burglar “trying to jiggle the lock to see if it’s open.” 

Now is the time for all Canadian organizations, private and public, critical infrastructure or not, to work on their resilience plans, train staff, and be ready to deploy technology to deal with cyber-attacks. We need to make sure our doors are locked, but more importantly, our jewels are locked in a safe. We need to assume that sophisticated attackers will find a back door (or window) to get in and that we are prepared to catch them once inside.”

Seeing as Russian-backed threat actors are already going after critical infrastructure in Ukraine, it is a certainty that those attacks are coming here. Thus, now is a great time to get your defences in order so that you don’t become the next company with a really bad headline.
