On Monday, March 21, 2022, the Biden White House released a statement advising U.S. private sector organizations to strengthen their cybersecurity practices, citing intelligence reports indicating that Russia is looking at options for cyberattacks against the United States.
The statement from the White House reads, “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year. You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely.”
Although the U.S. government doesn’t have intelligence on a specific cyberattack, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, said that the White House held classified briefings with companies last week based on “preparatory activity” that U.S. intelligence is seeing from Russia. Neuberger also stated that there has been an increase in malicious behavior, and there are still avenues for bad actors to exploit critical targets.
This announcement comes on the heels of a massive DDoS attack targeting Israel’s government, as well as the news that hackers had infiltrated computers belonging to current and former employees at nearly two dozen major U.S. LNG suppliers in February in what was likely a “pre-positioning” mission.
The White House cited its previous statement outlining specific steps to strengthen cybersecurity posture, including:
- Mandating the use of multifactor authentication
- Deploying modern cybersecurity tools
- Ensuring that systems are patched and protected against known vulnerabilities
- Changing passwords across networks and devices
- Backing up data offline
- Rehearsing incident response plans
- Encrypting data
- Educating employees about common attacker tactics
There is no doubt that Russia possesses advanced cyber capabilities. As we saw last year, Russian ransomware gangs launched several successful high-profile attacks, including the attack on Colonial Pipeline, which led to gas shortages on the U.S. East Coast, followed by attacks on meat processor JBS, managed service provider (MSP) Kaseya, and various local government entities. Given the economic hardships facing Russia, it’s reasonable to expect these types of ransomware operations to increase in the future.
As Jim Crowley, CEO of Industrial Defender, stated in a recent article, “A concerning possibility is that some percentage of Russia’s [unemployed] software talent may turn to one of their most successful exports – ransomware blackmail gangs. The Russian government, which has always turned a blind eye at best, will only encourage this escalation.”
We are in the midst of an accelerating global cyber war, and all critical infrastructure operators should be taking cybersecurity seriously.