The Current State of Russian-Sponsored Cyber Warfare

As Russia continues its military assault on Ukraine, nations not directly involved in the on-the-ground conflict are facing a different type of Russian threat: state-sponsored cyberattacks.

For the United States, these threats are so serious that last month, President Biden issued an official statement on the potential for Russian-backed cyberattacks based on “evolving intelligence.” Although Biden said the federal government will take every action necessary to protect itself and our country, he also said it is imperative that the private and public sectors work together. 

“Most of America’s critical infrastructure is owned and operated by the private sector, and critical infrastructure owners and operators must accelerate efforts to lock their digital doors,” Biden stated. “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year.”

So what types of cyberthreats does the U.S. face from Russia? It is believed that the attacks may target U.S. critical infrastructure in the most essential sectors, such as energy, finance and communications.

According to the Cybersecurity and Infrastructure Security Agency (CISA), whose recently announced Shields Up campaign warns and guides the private sector against Russian cyberthreats, these threats include:

  1. Compromises to third-party infrastructure
  2. Compromises to third-party software
  3. Deployment of custom malware
  4. Persistent, long-term access in compromised environments (including cloud) with legitimate credentials
  5. Malware targeted toward industrial technology and control systems

Most of these threats are not new. Earlier this year, CISA published Alert (AA22-011A), which spells out specific Russian-related cyber threats to U.S. critical infrastructure and how best to mitigate them. In fact, some have been successful in past attacks. CISA keeps a full list of Russian cyberattacks against the U.S.

The Shields Up website provides comprehensive guidance for organizations to follow as well as updates on the latest Russian threats. CISA recommends that all organizations do the following:

  1. Reduce the likelihood of a damaging cyber intrusion
  2. Take steps to quickly detect a potential intrusion
  3. Ensure that the organization is prepared to respond if an intrusion occurs
  4. Maximize the organization’s resilience to a destructive cyber incident

TalaTek strongly recommends that organizations of all sizes thoroughly study the threats and implement these recommendations for mitigating Russian cyberattacks. These include establishing an enterprise-wide risk management strategy, providing security awareness training for all staff, and developing an incident response plan.

“Now, more than ever, every person and every organization must be on high alert for potential state-sponsored cyber attacks,” said TalaTek founder and Ciso Global Managing Director Baan Alsinawi. “Collectively we can strengthen our nation’s cyber defense but it will take maximum vigilance and effort from all of us.”

For answers on how to develop and implement an effective cybersecurity strategy that can counter this type of cyberattack, contact TalaTek at