Fears are rising that the boundaries of the cyber war between Russia and NATO could soon spread beyond Europe.
Eight cybersecurity authorities from the so-called “Five Eye” nations (United States, United Kingdom, Australia, Canada and New Zealand) released a joint statement on Thursday warning that more malicious cyber activity is on the way as Russia’s invasion of Ukraine continues to impact geopolitical stability.
Before we look at the statement in any depth, an important five-pronged caveat is needed: both the US and the UK are among the primary antagonists in NATO’s ongoing war with Russia; they both have significant offensive cyber war capabilities of their own; US intelligence agencies, at Obama’s behest, have drawn up a list of potential overseas targets for cyber attacks; both countries have surreptitiously conducted vast surveillance programs, targeting not only their own populations but also citizens and government leaders of other countries; and the world right now is in the grip of the biggest information war of this century.
As such, any information coming out of the Five Eyes’ intelligence services should be treated with a healthy dose of skepticism. That having been said, here are the first three paragraphs of the missive:
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory. The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.
Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.
Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people.
The document also emphasized the frontline role likely to be played by Russian state actors, including the Russian Federal Security Service (FSB), the Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), GRU’s Main Center for Special Technologies (GTsST) and the Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM) of the Russian Ministry of Defense.
The authors of the document urge critical infrastructure organizations to take immediate steps to protect against cyberattacks. Those steps, they say, should include patching known exploited vulnerabilities, updating software, enforcing multi-factor authentication, securing and monitoring remote desktop protocol (RDP) and other “potentially risky” services, and providing end-user security awareness and training. As The Register, a British technology news website, notes, if any of these recommendations come as a surprise to critical infrastructure operators, “we’re screwed”.
The warning from the “Five Eye” nations comes just days after NATO began (as Bloomberg puts it) “the largest and most complex ‘live-fire’ cyber defense exercises” ever conducted. More than 2,000 people from 32 nations were expected to participate in the war game, which began on Tuesday in Tallinn, Estonia. They include representatives of five to 10 large global financial institutions, including Santander and Mastercard.
This is all happening as fears rise that the boundaries of the cyber war between Russia and NATO could soon spread beyond Europe, where attacks have been registered not only in Ukraine and Russia but also Poland and Finland. On March 21, President Joe Biden warned American businesses to prepare themselves for cyberattacks. Russia is likely to deploy cyber attacks as a form of retaliation against US sanctions, Biden said, adding that Russia has “a very sophisticated cyber capability,” which Putin “hasn’t used… yet” but which forms “part of his playbook.”
Cyber War Reaches Latin America?
Over the past week, two Latin American countries, Costa Rica and Puerto Rico, have suffered major cyber attacks targeting key national infrastructure. In Costa Rica a wave of attacks on Wednesday temporarily disabled websites belonging to the Ministry of Finance, the Ministry of Science, Innovation, Technology and Telecommunication, the Costa Rica Social Security Fund, the National Meteorological Institute (IMN) and the Costa Rican Radiographic Institute (Racsa).
Following the attack the Ministry of Science’s Director of Digital Governance, Jorge Mora, noted that the digitization of governmental activities creates risks as well as benefits. As for who was responsible, Mora said a US$10 million ransom demand had been posted on the dark web by the Conti Group, a pro-Russian ransomware gang that has threatened to deploy retaliatory measures if cyberattacks are launched against Russia…
Continue reading on Naked Capitalism