[Heads Up!] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential

Stu Sjouwerman | Jan 27, 2022

CNN just reported on a Jan 23 Intelligence Bulletin from the US Department of Homeland Security (DHS) that warned state and local governments and critical infrastructure operators about the risk of Russia hitting the US with cyberattacks in retaliation for a possible US or NATO response to a potential Russian invasion of Ukraine.

The agency said Russia could employ anything from denial-of-service attacks to more destructive ones aimed at disrupting critical infrastructure. 

Specifically, CISA just highlighted a warning by Microsoft about malware, used in attacks on Ukrainian organizations, that is focused on deleting the Master Boot Record of Windows devices.

CISA also put out a set of recommendations – particularly if your organization is working with a Ukrainian business or has an office in Ukraine – that includes steps to reduce the likelihood of attack, detect potential intrusions, respond to incidents should an attack occur, and stay cyber resilient.

CISA noted with concern: "The identification of destructive malware is particularly alarming given that similar malware has been deployed in the past—e.g., NotPetya and WannaCry ransomware—to cause significant, widespread damage to critical infrastructure".

Remember the 2017 NotPetya attack? In a report published by Wired, a White House assessment pegged the total damages brought about by NotPetya at more than $10 billion. This was confirmed by former Homeland Security adviser Tom Bossert, who at the time of the attack was the most senior cybersecurity-focused official in the US government.

More recently, "58% of all cyberattacks from nation-states have come from Russia," said Tom Burt, Microsoft corporate vice president.

The downtime caused by NotPetya was horrendous. Think your cybersecurity insurance might cover the cost? Not so fast. Some insurance companies cited “act of war” exclusions to try to avoid covering the NotPetya damage. This is now in the courts, and this WSJ article is great ammo to add to a budget request.

Cybersecurity has moved from IT to a CEO and Board-level business issue

You did not sign up for this, but today it is abundantly clear that as an IT pro you find yourself on the front line of 21st-century cyber war. Cybersecurity has moved from IT to a CEO and Board-level business issue. I strongly suggest you have another look at your defense-in-depth, and make sure to:

  1. Have weapons-grade backups
  2. Religiously patch
  3. Step your users through new-school security awareness training.

Now that the new year has started and you need to comply with a raft of regulations, it's a great time to schedule your users for a refresher awareness training module to keep them on their toes with security top of mind. If you do not have this in place yet, get a quote and be pleasantly surprised about the no-brainer price!
