US issues another warning over Russian cyber attacks

A report authored by The Cybersecurity and Infrastructure Security Agency (CISA) warns of an increased threat of Russian cyber attacks on critical infrastructure.

The report titled ‘Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure’ was put together in partnership with an Avengers-esque team up of law enforcement bodies from around the world, including the Federal Bureau of Investigation, National Security Agency, Australian Cyber Security Centre, Canadian Centre for Cyber Security, National Cyber Security Centre New Zealand, and the UK’s National Cyber Security Centre and National Crime Agency.

In the report are details of malicious cyber operations intelligence suggests are being prepared by various Russian state bodies and ‘Russian-aligned’ cybercrime groups. It asserts that there is an increased threat that critical infrastructure networks could be targeted with destructive malware, DDoS attacks, ransomware attacks, and cyber espionage.

As such, it recommends several immediate actions for ‘all organizations’ to take to protect their networks, which are:

Prioritize patching of known exploited vulnerabilities

Enforce multifactor authentication

Monitor remote desktop protocol (RDP) and

Provide end-user awareness and training

“Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against US critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups,” said CISA Director Jen Easterly. “We know that malicious cyber activity is part of the Russian playbook, which is why every organization – large and small – should take action to protect themselves during this heightened threat environment.”

Sami Khoury, Head, Canadian Centre for Cyber Security added: “Russia has significant cyber capabilities and a demonstrated history of using them irresponsibly, and state-sponsored malicious cyber activity is a real risk to organizations around the world. By joining alongside our partners in releasing today’s joint advisory, the Communications Security Establishment and its Canadian Centre for Cyber Security continue to support making threat information more publicly available, while providing specific advice and guidance to help protect against these kinds of risks.”

This is the latest US-led public warning of impending cyber-grief from Russia, albeit this time coming from a big gang of western intelligence and law enforcement bodies. Last month US President Biden himself made a statement imploring companies to urgently improve their cyber defences in the face of likely malicious action by Russia.

Regardless of how many agencies put their name to it, there’s probably only so much more that individual organisations can do themselves in response to these sorts of warnings, even if the threats are as serious suggested. The recommendations listed above are fairly basic security procedures that you would expect healthy IT department to already be instituting, and the reality is that a full scale DDOS attack targeted against any company in particular is likely to roll over them anyway, as we have seen happen in the past.