Chris Lange, FISM News

[elfsight_social_share_buttons id=”1″]

The U.S. Department of Defense Cybersecurity and Infrastructure Security Agency has issued an urgent “Shields Up” alert warning that Russia has developed a “new generation” of dangerous malware “that could cripple industrial systems worldwide.”

U.S. cyber officials said “Russian state actors” have already been probing weaknesses in some of America’s most critical systems.

“We are seeing evolving intelligence about Russian planning for potential attacks. And we have to assume that there’s going to be a breach. There’s going to be an incident. There’s going to be an attack,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA). The agency is tasked with protecting computer networks in 16 critical U.S. sectors considered to be essential to national security, including communications, finance, and energy. 

“I think we are dealing with a very dangerous, very sophisticated, very well-resourced cyber actor,” Easterly continued. “What does that mean? It means assume there will be disruptive cyber activity and make sure you are prepared for it.”

Easterly has asked industry leaders to share information with the government to defend against cyberattacks and is urging U.S. organizations, no matter what size, to install software updates and use multi-factor authentication on computers and phones.

“We know that energy, targeting the energy sector, is part of the Russian play book. But also finance, given potential retaliatory attacks for the very severe sanctions that the U.S. and our allies have imposed and continue to impose,” Easterly said..

Dragos cybersecurity company founder Robert Lee is familiar with Moscow’s ability to launch devastatingly effective cyberattacks, having investigated a 2015 attack on Ukraine he described as “the most destructive cyberattack on civilian infrastructure the world had ever seen.”

Lee said that Russian hackers from the GRU, Moscow’s military intelligence agency, were able to shut down over 60 substations in Ukraine that caused mid-winter blackouts for 225,000 customers. 

“The Ukrainians had to send utility workers to the impaired substations to manually restart each one,” Lee said, adding that GRU hackers now possess new malware “that could cripple multiple transmission stations with one keystroke.” 

“It was a shock to everybody because there’s been a lot of theory around how you could do this,” Lee said, acknowledging that the same thing could “absolutely” happen in America. 

Dragos has, in fact, already tracked the same group of Russian hackers to the U.S. where they have already installed malware and probed power company systems.

A brazen and more dangerous cyberattack carried out by Russian hackers struck a major Saudi oil refinery in 2017, triggering a shut down. Julian Gutmanis, a Dragos employee who worked cybersecurity for Saudi oil giant Aramco at the time, said someone had managed to hack into the Petro Rabigh refinery’s emergency shutdown system and install malware. 

Lee said the malware used by hackers in the incident, called Triton, could have allowed the GRB to detonate explosives and release toxic chemicals.

“It’s the first time in history we’ve ever seen a cyberattack explicitly designed to kill people,” Lee said. “It targets safety systems. And these safety systems are only there to protect lives.” A small error in the software actually prevented the Russians from setting off the explosives.

U.S. Justice Department Deputy Attorney General Lisa Monaco, who oversees the FBI’s cyber division, said the threat posed by Russian hackers in the U.S. is significant.

“We are seeing Russian state actors scanning, probing, looking for opportunities, looking for weaknesses in our systems on critical infrastructure, on businesses,” Monaco said, adding that the activity they are seeing is akin to “a burglar going around trying to jiggle the lock in your house door to see if it’s open. And we’re seeing that.”

Monaco added that the Justice Department has been working to stop Russian hackers before they strike, noting that Moscow’s military intelligence has successfully installed malware on computers across the globe.

“We’re seeing them deploy that code and take control of these computers. It’s like an army of infected computers that, with a single command, can be deployed to do everything from gathering information, stealing information, and sometimes to have destructive effect,” she said. The Department has been actively working with private sector businesses to study the cyberattacks and is using the information “to go in, not only remove that malware, but again, to lock those doors, to keep the attacker from coming back,” according to Monaco.

Homeland Security Advisory council member Dmitiri Alperovitch said that Russia has likely held back on launching a full-scale cyberattack in the U.S. simply due to the vast number of potential targets.

“The reality is that we have way too many targets. If you look particularly in our energy sector, you have regional utilities. You have minor energy processing companies, storage companies, pipeline companies,” he said, adding that Russian hackers “are top notch” at their craft, and they have “demonstrated that time and time again.” 

Alperovitch also said the U.S., if attacked, could respond with a warning designed to show Russia its own cyber capabilities..

“We have to let [Russian President Vladimir Putin] know that you will not touch our critical infrastructure without a response,” he said. A retaliatory cyberattack by the U.S. could include a brief disruption in Russia’s internet access.

 “It won’t cause any lasting impact, but it will demonstrate the power of the United States Cyber Command, what we can do to his economy by disconnecting him, effectively, from the internet.” Alperovitch said, adding, “We can absolutely do that. And we’ll let him know that if he keeps going, if he keeps attacking us, we can make that permanent.”