GREENVILLE – Amid growing geopolitical tensions due to Russia’s invasion of Ukraine, companies like Apple, Disney, Ford, and IBM, as well as Red Hat and SAS, are suspending business in Russia. U.S. officials have advised companies to be on high alert for cyberattacks, and in December, former Secretary of State Condoleezza Rice and top business leaders warned that cyberattacks are the most dangerous weapon in the world.

Further, there’s evidence that cyberattacks coincided with Russia’s attack on Ukraine, as Microsoft announced last week that it had detected increasing cyberattacks on Ukraine.

So, amid increasing cybersecurity concerns, how can businesses and residents of North Carolina bolster their cybersecurity defenses?

WRAL TechWire connected with Chris Hope, the senior director of IT and security at One Source, to discuss how companies and individuals in North Carolina ought to be thinking about cybersecurity during a period of high geopolitical tension.  One Source is a Greenville, NC-based company that notes on its website that it empowers organizations to “reduce their technology expenses while right-sizing telecom connectivity, IT infrastructure and cybersecurity strategies.”

A lightly edited transcript of our conversation follows.

Risk factors

WRAL TechWire (TW): Based on your understanding of the latest U.S.-Russia and NATO-Russia relationship(s), what are the risk factors present with regard to cybersecurity?

Chris Hope, senior director of IT and security at One Source (Hope): We have already seen Russia use many varied cyber offensive measures as part of its attack on the Ukraine, making this one of the first major global conflicts in which cyberattacks are employed as an act of war from Day 1 of the conflict. As tensions continue to escalate, we can expect cybersecurity risks to increase both across Europe and in the United States.

We have not seen an increase in cyberattacks from Russia against the United States thus far, but we know they’re coming. This is especially true as the U.S. levels increasingly painful sanctions against Russia and Russia looks to retaliate. We can expect Russia to unleash a broad range of attacks against U.S. entities in the months to come, including distributed denial-of-service (DDoS), ransomware and data breaches.

Who’s at risk?

TW: What sectors, industries, businesses might be at risk from cyberattack?

Hope: Every organization is vulnerable to a cyberattack, but the two biggest sectors at risk from Russian cyberattacks are infrastructure and energy.  That’s where there is the largest potential for damage domestically.  Since crude oil, coal, and natural gas are the primary Russian exports, it’s logical that they would target our country in this area to try and undermine our ability to be energy independent and self-sufficient.

The biggest threat to businesses in other sectors, however, may come from threat actors that fall outside state-sponsored attacks. It’s important to remember that cyberattacks typically increase in times like these where international tensions are high as cybercriminals see it as a smokescreen they can use to get away with nefarious activity undetected.  It’s crucial for North Carolina businesses to be aware that they are likely to be targeted in an attack in the coming weeks and months.  It’s just a matter of when.

How to prepare?

TW: How can organizations prepare – and follow the guidance from the U.S. Justice Department?

Hope: One of the single strongest actions a business can take to protect themselves from cyberattacks is to establish Multi-Factor Authentication (MFA) for themselves and their employees. This is especially important as the credentials for Office 365 are the most heavily used to exploit other services. Turning on MFA is something every North Carolina company should do right now to protect their infrastructure, from on-premises systems to the cloud.

On a broader level, companies need to remember that risks will only grow and they must have an understanding of their cybersecurity environment.  Now is the time to identify what types of assets need protecting – including sensitive intellectual property and data – and where those assets are in their network.  Amid heightened concern, companies should know where cybersecurity responsibilities lie and ensure there is awareness across the board.

Learning from history

TW: What have we learned from prior cybersecurity attacks originating from Russia or from within Russia?

Hope: When you look at how aggressive Russia has been, it’s clear that digital attacks are part of the strategy from the start.

Cyberattacks were planned in coordination with military interventions that caused major disruptions in Ukraine infrastructure.

In addition to the well-publicized DDoS and ransomware used against Ukraine’s government, digital tracking and disruption of the cellular networks has been well documented at the front lines of the conflict. Considering Russia’s position as one of the world’s biggest sources of cybersecurity threat activity, recent events underlie cybersecurity’s increasing role in international warfare.

Though Russia’s cyberattacks have so far been concentrated in the Ukraine, this could change based on how dynamics evolve between Russia and NATO.

The more the West intervenes, the more we’ll be at risk for cyber-attacks. And amid escalating threats, it can be tough to decipher whether threats are coming from government-sponsored adversaries or other threat actors that see opportunity.

What’s happening now

TW: Catch us up to speed on anything that’s changed in the last few days.

Hope: One thing to note from Russia’s invasion in the Ukraine is the emergence of a new powerful malware, as written about in The Guardian last month.

This is the type of attack that could end up getting picked up and researched by sophisticated criminal organizations.

A similar phenomenon happened with the 2017 NotPetya cyberattack by Russian military hackers – which originated in the Ukraine before spreading globally and causing billions of dollars in damages, as reported by the Washington Post in January 2018.

[Editor’s Note: WRAL TechWire reported in May 2018 that Ukraine could be the target of cyber attacks during “large-scale” events.]

Looking ahead, we’re still waiting on additional intel and expect more sourced information from intelligence agencies to be released in the coming days.  While sanctions will likely have a major impact on the risk of proactive cybersecurity attacks from Russia in the West, we’re urging everyone to remain on extra high alert.

Now what?

TW: What happens next – or what would occur that would suggest ramping up defenses or for moving down an alert level?

Hope: It will be important to keep an eye on what happens between government agencies and accelerations with any sanctions.  If the West ramps up sanctions, that could increase the risk of cyberattacks on a domestic level if Russia decides to retaliate.  Considering Russia’s position as an energy exporter, any sanctions concentrated there would raise the alert level.

While we’re still waiting to see how certain dynamics play out, things have escalated quickly in the past few days.  Our message to businesses in North Carolina is to get prepared now and take these threats seriously.

If businesses don’t feel comfortable about their cybersecurity strategy or know where to start, there are resources available to help.  Finding a reputable partner to help manage and monitor your cybersecurity protection is a great option if you don’t have the internal skill set, bandwidth, resources or knowledge to do so.