The Concern Over Ransomware
While not a new issue, ransomware has been weighing on the minds of cybersecurity experts lately. A recent report from Mandiant’s threat intelligence team supported some of the fears around these attacks when it confirmed that ransomware campaigns do risk exposing operational technology (OT) information. In its coverage of the report, CPO Magazine wrote that the researchers explained “access to this type of data could allow attackers to create an accurate picture of the target’s culture, plans, and operations and craft successful attacks.” This is particularly concerning given the relationship between OT systems and critical infrastructure. According to the study, 1,300 of the 3,000 ransomware-led data leaks examined targeted OT associated with critical infrastructure and industrial production operations. The information exposed by such incidents included engineering, panel, third-party and employee details.
Russian-Ukrainian Conflict Leads to Joint Cyber Advisory
Beyond the conclusions of the Mandiant study, however, there is another major influence fueling OT threats: the current conflict unfolding between Russia and Ukraine. Russia has a history of carrying out destructive cyber campaigns, and the potential for the country to expand such activity in retaliation for current events is putting many on high alert. OT and industrial control systems are among the networks that the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have listed as potential targets should a state-backed attack occur. These agencies outlined this warning and more in a recently issued advisory titled “Destructive Malware Targeting Organizations in Ukraine.” Although there has not been a direct threat, the advisory notes that in the wake of sanctions being imposed on Russia due to its invasion of Ukraine and cyberattacks that it has already launched, it is important for all organizations to review and update their cybersecurity measures regardless of size and location. Along with critical infrastructure operators and leaders across sectors, these alerts and cybersecurity guidelines also cover U.S. cleared defense contractors (CDC) whose work spans the U.S. Army, Air Force, Navy, Space Force, DoD and Intelligence programs.
CISA and Other Agencies Outline Protective Measures
In addition to giving necessary background information on the WhisperGate and HermeticWiper malware, both of which were used against companies and institutions in Ukraine, the advisory also provided examples of actions that should be taken to protect against similar attacks, including ransomware. For one, CISA has updated its Shields Up webpage with more resources and tools. On top of that, a list of recommendations was published, including setting up regular antivirus scans and thorough spam filters. As Wayne Rash reported for Forbes, other suggested proactive tasks involve testing backup plans to ensure that an organization is resilient enough to face a cyber incident. Part of accomplishing this level of preparedness is “empowering the CISO by including them in the decision-making process when it comes to weighing risk versus cost,” Rash explained.
- “CISA, FBI Issue Cybersecurity Advisory Amid Russian Attack on Ukraine” – Joe Bebon, Total Security Advisor
- “US enterprises at risk; Russian cyberattacks could disrupt public safety, critical infrastructure” – Maria Henriquez, Security Magazine
- “One in Seven Ransomware Attacks on Critical Infrastructure and Industrial Systems Expose Sensitive OT Information” – Alicia Hope, CPO Magazine
- “CISA Issues ‘Shields Up’ Warning About Russian Cyber Attacks” – Wayne Rash, Forbes