

A report suggesting that Russia might be eyeing a cyberattack against U.S. infrastructure, amid tensions between the countries over Ukraine, should not be ignored by the cybersecurity community.

Today, CNN reported that it had viewed a Department of Homeland Security (DHS) intelligence bulletin on the topic. The bulletin suggested that in the event Russia invades Ukraine, a U.S. or NATO response to the invasion might prompt a cyber offensive from Russia against targets located in the U.S.

The attacks could range “from low-level denials-of-service to destructive attacks targeting critical infrastructure,” according to the January 23 bulletin, as cited by CNN.

Kevin Breen, director of cyber threat research at Immersive Labs, said in an email statement that “the latest DHS intelligence bulletin warning of a potential Russian cyber attack on the U.S. is not something to be taken lightly.”

“We’ve seen notable ransomware groups operating out of that region, including REvil and DarkSide, with the technical ability to compromise large networks rapidly and at great scale,” Breen said. “It would be wrong to assume that the nation state housing such criminal elements doesn’t have a matching capability.”

Other ransomware gangs known to operate in Russia include Conti, known for “attacking organizations where IT outages can have life-threatening consequences: hospitals, 911 dispatch carriers, emergency medical services, and law enforcement agencies,” according to a report last June from Palo Alto Networks’ Unit 42 research group.

High threshold for an attack

Still, the DHS memo suggested that Russia “probably” maintains a “very high” threshold for carrying out a destructive cyberattack against targets in the U.S., CNN reported.

“[W]e have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past,” the DHS bulletin said, according to CNN.

Breen noted that “an attack of significant magnitude, including a deliberate attack on U.S. critical infrastructure, would almost certainly have wider geopolitical consequences.”

“With this new bulletin, the Department of Homeland Security is working on the basis that to be forewarned is to be forearmed – and preparation is key,” he said.

The DHS bulletin was distributed to operators of critical infrastructure in the U.S., as well as to state and local governments, according to CNN.

Uncertainty

Ken Westin, director for security strategy at Cybereason, said his biggest concern about Russia is that they appear to have “an arsenal of zero day exploits at the ready, as well as initial access to targets already.”

Still, zero days that they possess would likely be used on initial execution, “so there is risk in Russia deploying them and exposing their capabilities,” he said.

Ultimately, though, there remains a large amount of uncertainty around both the intentions and full capabilities of Russia’s offensive cyber operations—and there’s no reason at this point to assume a cyberattack against targets in the U.S. is inevitable, Westin said.

“The intelligence alerts and briefings for critical infrastructure and banks are being done out of an abundance of caution to prepare organizations for what could happen, not necessarily what will happen,” he said.
