The USA, Canada, New Zealand, the United Kingdom and Australia, known collectively as the “Five Eyes”, have released a warning about Russian state-sponsored actors taking aim at critical infrastructure:
Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.
Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.
This means that attacks are likely inbound on any country that supports Ukraine. And it means that we all need to up our cybersecurity game. To get some color commentary on this, I reached out to Darktrace and got a pair of quotes. The first is from Darktrace’s CEO, Poppy Gustafsson:
“Since the start of the war critical infrastructure globally has been on high alert to cyber-attacks. Russia has previously displayed its ability to get into the heart of critical systems and launch attacks in cyber space that have real-world impacts – such as the attack on Ukraine’s energy grid in 2015. The attack on Colonial Pipeline last year also served as a wake-up call showing defenders of critical national infrastructure that no system is invulnerable to attack.
While we’ve seen examples in the Ukraine conflict of attacks targeting industrial systems, such as Industroyer 2.0, we have yet to see any novel cyber-attacks at scale during the crisis to date. But we can say with a degree of confidence that the Russian state and state-affiliated actors have novel and destructive cyber-attacks in their arsenal and it is only a matter of time before these are deployed.
The warning from the Five Eyes represents another global effort to combat disinformation, and serves as another reminder of the urgency with which defenders must act to ensure their digital assets are protected. We have to think about the people on the other side of these warnings; the people that are responsible for defending critical infrastructure. These defenders can only take a ‘shields up’ approach so far – we must augment security teams with advanced technology that can spot, stop and investigate attacks on their behalf.”
Additionally, I have the following comment from Darktrace’s Canadian Director of Enterprise Security, David Masson:
“The US Government set a precedent some weeks ago by issuing warnings about Russia’s attack plans for the invasion of Ukraine. This was a Five Eyes government releasing intelligence to the public about Russia’s intentions. Our own intelligence agencies have repeatedly warned us about potential Russian cyber-attacks on Canadian critical infrastructure.
In the last twenty-four hours, the head of the Canadian Centre for Cyber Security, Sami Khoury, shared a joint Five Eyes advisory on social media about the “increased risk of malicious cyber activities posed by Russian state-sponsored advanced persistent threat (APT) actors, their proxies, and independent cybercriminal groups.” On American television, the US Deputy Attorney General, Lisa Monaco, said that the Russians are probing critical infrastructure, and she used the analogy of a burglar “trying to jiggle the lock to see if it’s open.”
Now is the time for all Canadian organizations, private and public, critical infrastructure or not, to work on their resilience plans, train staff, and be ready to deploy technology to deal with cyber-attacks. We need to make sure our doors are locked, but more importantly, our jewels are locked in a safe. We need to assume that sophisticated attackers will find a back door (or window) to get in and that we are prepared to catch them once inside.”
Seeing as Russian-backed threat actors are already going after critical infrastructure in Ukraine, it is a certainty that those attacks are coming here. Thus now is a great time to get your defences in order so that you don’t become the next company with a really bad headline.
Log4Shell Is A Wake Up Call For Cloud Security: Report
Posted in Commentary with tags Security on April 29, 2022 by itnerd
Valtix has released new research findings highlighting how cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell. The research key findings include:
I have a pair of comments on this research. The first is from Edward Roberts, VP of Marketing for Neosec:
“As the digital transformation has evolved the adoption of cloud services and use of APIs has skyrocketed. APIs are the connective tissue for most businesses today. Since most organizations have no inventory of their APIs, it is therefore no surprise that many organizations feel their API estate is insecure.”
Sanjay Raja, VP of Solutions, Gurucul is next with some commentary:
“Too many security vendors that claim to better secure the cloud have major flaws in their capabilities. For one, many have simply “lifted and shifted” on-premise-based security software and appliances to be supported in the cloud without specifically building them to cater to fundamental architecture differences. This severely impacts deploying them correctly and much worse, limits their capabilities, especially when being leveraged and operated by security operations for the purposes of threat detection, investigation and response. This is one way attackers are finding security gaps, especially gaps in cloud threat detection solutions and programs, that allow them to leverage Log4J vulnerabilities in cloud environments. Another factor is that few security solutions can be deployed across multi-cloud architectures even if they can correlate across multi-cloud. This limits their deployability in complex environments. Threat attackers take that further to spread and effectively hide attack campaigns across multi-cloud architectures that very few solutions have security analytics for helping security teams identify the scope of such an attack.”
Log4Shell has changed the game and forced companies to rethink their security in the cloud. Or at least it should force companies to rethink their security in the cloud. Business leaders should read this report and give their security a good hard look to make sure that they aren’t the next victim of the next exploit that comes along.