White House Denies Mulling Cyber Strikes on Russia
NBC News reported on Thursday that President Joe Biden has been given a menu of options for conducting offensive cyber strikes against Russia. But the White House press secretary says it is “off base and does not reflect what is actually being discussed in any shape or form.”
According to the report, options include disrupting internet connectivity inside Russia, targeting the country’s electric grid and hacking into its rail lines. The actions, sources told NBC News, could be preemptive. There are no named sources in the story, and NBC News characterized its sources as “two U.S. intelligence officials, one Western intelligence official and another person.”
But White House Press Secretary Jen Psaki tweeted that the report was off the mark.
NBC News reported that the sources say the cyber actions would be meant to disrupt, not destroy, and thus would not constitute an act of war against Russia. It is likely, they add, that the U.S. would not publicly acknowledge such operations. Affiliated agencies, they say, could include U.S. Cyber Command, the National Security Agency, the Central Intelligence Agency and others.
This week, cybersecurity officials continued to warn against cyberattacks that would precede any kinetic strikes. Then on Wednesday, several government ministries were hit with a widespread DDoS attack, the second such attack in just days, and new data-wiping malware was discovered on hundreds of devices on Ukrainian networks (see: Cyberattack Hits Ukrainian Government, Banking Websites).
Amid these developments, global cyber officials, technologists and industry watchers continue to urge U.S. and EU organizations to keep their “shields up” against prospective Russian-aided attacks – comparable to the one that struck Colonial Pipeline in May 2021.
On Thursday, U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly tweeted: “While there are no specific threats to the U.S. at this time, all orgs must be prepared for cyberattacks, whether targeted or not.”
This echoes language issued by Easterly and her team in mid-February that stated: “The Russian government understands that disabling or destroying critical infrastructure can augment pressure on a country’s government, military and population” (see: CISA Warns Orgs to Prep for Potential Russian Cyberattacks).
Ukraine at War: Context
Overnight on Wednesday, following a fiery speech from Russian President Vladimir Putin and an equally combative exchange between Sergiy Kyslytsya, Ukraine’s ambassador to the United Nations, and Vasily Nebenzya, Russia’s ambassador to the UN, at an emergency meeting of the U.N. Security Council, Moscow leveled its air, land, sea and cyber campaign against its Western neighbor – almost immediately shelling its capital city, Kyiv. Putin threatened any nation that intervened in what he called a “peacekeeping mission.”
This coincided with malicious cyber activity, including Wednesday’s DDoS attacks. The timing aligned with U.S. intelligence reports suggesting that Russia-linked cyber offensives could spread before its military maneuvers.
And according to a new blog post by the Photon Research Team at the firm Digital Shadows, the wiper malware since detected on Ukrainian networks – dubbed HermeticWiper – was deployed from Windows domain controllers, hinting that access may have been gained some time prior.
The cyber and kinetic escalation incited significant sanctions from multiple NATO member-states. In a press conference on Thursday, Biden announced additional financial sanctions against Moscow. He did not, however, declare a Russian exclusion from the SWIFT banking system, which executes financial transactions between banks worldwide.
The president also said: “I repeat the warning I made last week on Russia pursuing cyberattacks against our companies, our critical infrastructure. We are prepared to respond … [and] we’ve been working closely with our private sector partners to harden their cyber defenses and sharpen our ability to respond to Russian cyberattacks as well.”
The conflict has roots in Ukraine – which gained its independence at the fall of the Soviet Union in 1991 – seeking admittance into the intergovernmental military alliance NATO. Putin had demanded that Ukraine renounce such plans and ordered NATO to remove its troops from Eastern Europe – terms NATO rejected.
Unprecedented Cyber Steps?
Other cybersecurity experts have also continued to sound the alarm.
Tony Cole, CTO of Attivo Networks and a retired cyber operator from the U.S. Army, says: “Previous ground gained in pushing the Russian government to shut down criminal ransomware gangs … will likely evaporate, and it’s possible those same gangs will be encouraged to increase their illicit activity.”
Read the full article by Dan Gunderman on Bank Info Security.