DHS memo warns of potential Russian cyberattack

Originally published by: Security Magazine | Jan. 28, 2022

According to a Department of Homeland Security (DHS) intelligence memo sent to law enforcement around the United States, DHS ranks the risk of a cyberattack on U.S. organizations by Russia as remaining “very high.”

Tensions between Russia and the Ukraine have risen, with a cyberattack on multiple Ukrainian governmental websites and an increase of Russian troops at the border since the start of 2022. The DHS memo warned law enforcement officials of a possible Russian cyberattack on U.S. organizations if the situation continues to escalate.

Security leaders with military and cyber expertise weigh in on the warning below:

Jeff Engle, Chairman and President of Conquest Cyber

There are real geopolitical implications when the private industry and government organizations that support national critical functions lack cyber resiliency. The United States’ dominant worldwide stance relies upon our ability to project power, support our allies and deter threats on a global scale. Our literal geographic position in the world, powerful navy and innovative populace has given us a historical advantage.

Cyber erodes that dominant position. Our decentralization and distribution of national critical functions helps spur innovation, but without cyber resiliency, it can also become the source of our greatest weakness. Now, we are seeing what was inevitable. Our options are being limited not by the reality of debilitating cyberattacks but the real threat that they are not only possible — they are likely already present and awaiting the “go ahead.”

Colonel Barry Hensley, (USA, Ret.), SVP and Chief Threat Intelligence Officer at Secureworks

We have recently seen the rising geopolitical tensions between Ukraine and Russia appear to result in a combination of cyberattacks including website defacement, DDoS attacks and use of a malicious software called WhisperGate to sabotage or wipe critical data. We know that this is currently not another version of NotPetya. But with the recent statement issued by the U.S. Department of Homeland Security, we understand that heightened focus on these attacks can make organizations wonder if they are at risk from further escalation of the situation between Russia and the Ukraine.

I think tensions will heighten — and depending on U.S./North Atlantic Treaty Organization (NATO) and Russian actions and reactions — this has the potential to reach beyond just the Ukraine, even if by collateral damage. It is a good time to assess where your partners and suppliers have a presence geographically, as you may have an inherited risk you may not have been aware of or may not have concerned you previously. Organizations with operations in the Ukraine should be extra vigilant and review their business continuity and resilience plans. The keys we would recommend focusing on would be first, maintaining current backups of business-critical systems and data — and ensuring that backups cannot be impacted by ransomware-style or wiper malware attacks and that they are tested for functionality. Backups that do not work as designed are not of any use. Secondly, we would recommend preparations for continuity of operations in the case of power disruptions or the loss of other business-critical services. We have recommended to our clients who have reached out that they monitor, segment networks and block known threat indicators — we are able to help organizations who don’t have a security partner and need help identifying a course of action in this area.

It is always good to remember that opinions will vary widely, depending on where in the world you sit. There will be both pro-Russian and pro-Ukraine sentiment running very high in that region, and it is especially important for companies and organizations to refrain from public commentary about either, lest you draw the ire of nation-state or activist groups that wish to make a statement by attacking you in response.

For further information contact:
Mercedes Jorge
mjorge@conquestcyber.com

About Conquest Cyber

CONQUEST is the premier cyber resiliency software platform – enabling an ecosystem of partners and customers across critical sectors to defend against threats, get resilient and enable the US to gain a competitive edge in the battle for cyber supremacy.

Originally founded in 2008, Conquest Cyber took off under the leadership of Jeffrey J. Engle, a retired Special Operations combat veteran and highly regarded expert in adaptive risk management for critical infrastructure. We have an office in Miramar, FL and our Headquarters is in Nashville, TN.