The Next Russian Cyberattacks Will Be More Damaging

The British Prime Minister Theresa May has pledged £15m to strengthen cybersecurity defences at an “intelligence partners” summit with the leaders of Canada, Australia and New Zealand, who make up the "Five Eyes" security alliance with the UK and US.

Speaking at the National Cyber Security Centre in London last month, the Prime Minister said: "Russia is using cyber... as part of a wider effort to attack and undermine the international system."

"Its interference over the past year has included attacks on the public sector, media, telecommunications, and energy sectors."

On March 15, the Department of Homeland Security together with the FBI announced that Russian government hackers infiltrated critical infrastructures in the US, including “energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

According to the DHS-FBI report, malicious Russian activities have been ongoing since at least March 2016. The Russian malware, which has been sitting in the control systems of various US utilities, allows the Russians to shut off power or sabotage the energy grids. And they have done it before:

The same malware that took down Ukraine’s electrical grid in 2015 and 2016 has been detected in US utilities. The potential damage of a nationwide black out, let’s say on Election Day, would be significant, to say the least. And while Russian trolls and bots have captured public attention, they are already yesterday’s game.

The disinformation tools used by Moscow against the West are still fairly basic: They rely on exploiting human gullibility, vulnerabilities in the social media ecosystem, and lack of awareness among the public, the media, and policymakers.

In the very near term, however, technological advancements in artificial intelligence and cyber capabilities will open opportunities for malicious actors to undermine democracies more covertly and effectively than what we have seen so far.

Increasingly sophisticated cyber-tools, tested primarily in Ukraine, have already infected Western systems, as evidenced by the DHS-FBI report. An all-out attack on Western critical infrastructure seems inevitable.
 
Lessons from Ukraine

In the West, Russia’s cyber-attacks so far have been at the service of its disinformation operations: stolen data used to embarrass individuals, spin a narrative, discredit democratic institutions and values, and sow social discord.

This was the pattern Russian operators followed in the United States, France, and Germany during the countries’ 2016–17 elections. Hacking email accounts of individuals or campaigns, leaking that stolen information using a proxy (primarily WikiLeaks), and then deploying an army of disinformation agents (bots, trolls, state controlled media) to disseminate and amplify a politically damaging narrative.

Such cyber-enabled interference falls below the threshold of critical infrastructure attacks of significant consequence that could result in “loss of life, significant destruction of property, or significant impact on [national security interests].”

The nightmare of cyber-attacks crippling critical infrastructure systems still has the sound of science fiction to most Americans. But in Ukraine, this nightmare is real.

As the laboratory for Russian activities, Ukraine has seen a significant uptick in attacks on its critical infrastructure systems since the 2013–14 Maidan revolution.

A barrage of malware, denial of service attacks, and phishing campaigns bombard Ukraine’s critical infrastructure environments on a daily basis.

In December 2015, a well-planned and sophisticated attack on Ukraine’s electrical grid targeted power distribution centers and left 230,000 residents without power the day before Christmas. The attackers were able to override operators’ password access to the system and also disable backup generators.

Brookings Institute:                   Express:

You Might Also Read:

Leaked Emails Expose Russian Exploits In Ukraine:

The Growing Threat Of Russian Cyber Reprisals On Britain:

« Cybersecurity Advice For SMEs
Blockchain Will Radically Transform Anti-Fraud »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

CUJO AI

CUJO AI

CUJO AI is the global leader in the development and application of artificial intelligence to improve the security, control and privacy of connected devices in homes and businesses.

Crosspring

Crosspring

Crosspring is an incubator/accelerator for people who have the ambition to start a successful business or want to extend their existing business in the areas of FinTech, AR, VR, Cybersecurity and SaaS

Inveteck Global

Inveteck Global

Inveteck Global is a Ghana-based cyber security firm providing strategic guidance and technical solutions to all our clients to best serve their individual needs.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

CloudCover

CloudCover

CloudCover is a software-defined cybersecurity risk solution that provides risk awareness, risk analytics, and data security in real time.

Bluewave

Bluewave

Bluewave are a strategic IT advisory company that offers businesses a simple and comprehensive way to purchase information technology solutions.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

Q-Bird

Q-Bird

Q*Bird's mission is to provide equipment for the current, and future European quantum internet.

Realm.Security

Realm.Security

Realm.Security is pioneering the creation of an easy-to-implement, simple-to-use security fabric solution that is purpose-built for cybersecurity.

Gcore

Gcore

Gcore is an international leader in public cloud and edge computing, content delivery, hosting, and security solutions.