Feb 16, 2022
50 Views
0 0

Officials warn of asymmetric cyberattacks as Ukraine conflict simmers

Written by

The cyber activity comes amid a tense standoff between Russia and major western powers.
President Joe Biden warned that U.S. was prepared to respond if Russia launched an asymmetric cyberattack against critical infrastructure belonging to the U.S. or its allies, he said in a speech Tuesday.   
The risk to U.S. multinational companies was at a heightened state, given the current military activity in the Ukraine, said Jamil Jaffer, founder and executive director of the National Security Institute at George Mason University. Russia has a history of employing malicious cyber operations in the region. 
“The threat is significant because, even if multinationals are not targeted by the Russian government, there is the significant possibility of collateral damage as we saw during the NotPetya cyberattack in 2017,” Jaffer said.
During the NotPetya attack, destructive malware spread across the globe after initially targeting organizations in the Ukraine. Multinational firms ranging from Mondelez International to Maersk and Federal Express suffered damages worth hundreds of millions of dollars.
There is also evidence of Ukranian point-of-sale terminal disruption, John Hultquist, vice president of intelligence analysis at Mandiant, said. He cited reports from Ukrainian police that consumers received fraudulent text messages saying ATMs were malfunctioning. 
Teresa Walsh, global head of intelligence of the Financial Services-ISAC, said the organization was unaware of any direct threats against the U.S. financial community or infrastructure, however it was warning members to remain vigilant. 
Ukrainian authorities linked an advanced persistent threat group known as Gamaredon or Primitive Bear to five Russian Federal Security Service officers based in Crimea, according to Palo Alto Networks Unit 42. The researchers released 500 additional indicators of compromise, on top of 700 previously released IOCs earlier this month. 
Microsoft security researchers earlier this month unveiled information on this same threat actor, which it calls Actinium. The group has been observed since October 2021, using spear phishing attacks with remote templates against Ukrainian government organizations and groups coordinating humanitarian aid. 
The Cybersecurity and Infrastructure Security Agency said while there was no specific, credible evidence of an attack, organizations should prepare for potentially destructive activity. The agency’s recommendations included port access limits, multifactor authentication, backup procedures tests and ensuring software is updated. 
Get the free daily newsletter read by industry experts
"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 
The agency is encouraging private entities and local governments to monitor the catalog, though its usefulness will depend on a company's resources.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 
The agency is encouraging private entities and local governments to monitor the catalog, though its usefulness will depend on a company's resources.
The free newsletter covering the top industry headlines

source

Article Categories:
Cybersecurity News

Comments are closed.