RSA Conference The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was “one of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare,” according to Dmitri Alperovitch, a co-founder and former CTO of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator.
Alperovitch shared that opinion during a global threat briefing he delivered with Sandra Joyce, EVP of Mandiant Intelligence, at the RSA Conference on Tuesday.
The two suggested that the primary purpose of the attack on satellite comms provider Viasat was to disrupt Ukrainian communications during the invasion, by wiping the modems’ firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe. The attack therefore disrupted satellite connectivity for thousands, and disabled remote monitoring of 5,800 wind turbines in Germany.
The Russians are horrible at combined arms
This attack – along with several other destructive data-wiping malware infections in Ukrainian government and private-sector networks – illustrates a couple of key cyber security takeaways about Russian cyber goons.
“The Russians are horrible at combined arms,” Alperovitch said, noting this holds true for air and ground military invasion.
“And that’s what we’ve seen in cyber as well,” he added. “Even though they’ve been able to achieve tactical successes on a number of occasions, including in the case of Viasat, they’ve not been able to leverage it to actually prosecute a campaign. The best tactics, even in cyber, don’t compensate for a really, really bad plan.”
Perhaps the more important lesson learned, however, comes from the Ukrainian security operations teams.
“One thing that the Ukrainians have taught us so well – and they certainly have had eight years of practice and suffered from Russian cyber operations – is the importance of resiliency,” Alperovitch said. “The reality is that a number of these Russian attacks are successful.”
The Russians have seen success worldwide penetrating networks and dropping malware, he added. “However, the Ukrainians are able to rebuild the networks within hours,” Alperovitch said.
This is because Ukraine has had years of practice repairing networks after Russia deployed NotPetya – which wiped data from energy firms and banks – and the related Bad Rabbit malware.
“So it’s really not a big deal to see a network wiped out because they are ready for it,” Alperovitch said. “They’ve got backups ready to go, and they can rebuild it very quickly and very efficiently. And that’s something we don’t practice here.”
In the US, recovering from a major attack can take an organization weeks and “be truly devastating,” he added. “We have to spend a lot more effort on resiliency.”
Another cyber-lesson learned from the Russian invasion is to not be afraid of influence operations, or IOs, Mandiant’s Joyce added.
Mandiant has tracked several of these disinformation campaigns during the war, including some spread by a group that the threat intel shop calls “Secondary Infektion.” Mandiant linked the gang to false claims, spread in March, that Ukrainian president Volodymyr Zelenskyy had died by suicide in a Kyiv military bunker. Another Secondary Infektion influence operation that circulated in both Ukrainian and Russian falsely claimed that the Ukraine and Polish governments sought to enable Polish troops to deploy in western Ukraine.
Neither influence operation had much impact on Ukrainian battlefields, Joyce said. Although Russian deep fake technology has become more sophisticated, “the audience too, is maturing along with them,” she said.
Ukraine has also provided an on-the-ground view of how to do incident response amid falling bombs, blackout conditions and blocked IP addresses.
“It’s stressful enough to do an incident response – let alone do one during a war,” Joyce said. “The type of resilience that the Ukrainian defenders are showing right now in the cyber domain is incredible. And it’s something that, for our position in Mandiant, supporting these incident responses is something that we frankly, have never seen.” ®
Click Here For The Original Source.
Recently, SEC Chair Gary Gensler issued fresh warnings about cryptocurrencies amid Bitcoin's surge to a…
Pay Dirt is Slate’s money advice column. Have a question? Send it to Athena here. (It’s anonymous!) Dear…
By Virma Simonette & Kelly Ngin Manila and Singapore14 March 2024Image source, Presidential Anti-Organized Crime…
Technology has disrupted many aspects of traditional life. When you are sitting at dinner and…
Reports of suicides, missing bodies, sexual kompromat and emptied bank accounts as fake sangomas con…
A South African woman has been left with her head in her hands after she…