Preparing for a Russian Cyberattack

The war in Ukraine is escalating. The United States, Germany, and Poland are all sending tanks with the expectation that the Ukrainian army can turn the tide by going on the offensive. The World Health Organization is advising nations to stock up on anti-radiation medication in preparation for a possible nuclear event, whether it’s an attack somewhere in Europe or the Russians accidentally (we hope) do something like expose the reactor at Chernobyl, thus spilling radiation out all over Europe and eventually the world.

 

The United States has the luxury of geographical isolation from the current theater of conflict. Russia knows it could not retaliate against the USA by launching a land invasion, and honestly, we’d launch our nuclear stockpile against them if they tried launching on us. So, their only option against a well-equipped, well-defended enemy is disinformation campaigns and cyberwarfare. For years, we’ve experienced these campaigns as well as ransomware gangs, causing havoc for American industry and governments. Still, we have yet to experience a full-out cyber attack, and now is the time to plan for that.

 

The United States has other cybersecurity issues to contend with as well. More cyberattacks from other global players and understaffed cybersecurity teams are the perfect storms for ensuring that our governments, businesses, and homes are ill-equipped to face this onslaught.

 

Preparing society for these probable attacks is critical for cybersecurity professionals. Understanding what could happen and how to mitigate its effects on our personal and professional lives is beyond important. If an all-out cyberwar were to commence tomorrow in the United States, the attackers would have some ripe and possibly easy-to-hit targets that would not only disrupt our lives but also throw our society and economy into chaos. Let’s explore the enemy’s possible strategic targets that can ruin our day, shall we?

 

Loss of Internet Via Your Internet Service Provider

Internet Service Providers (ISP) are the backbone of the entire infrastructure and economy of the planet. The internet runs the financial system, most phone systems in businesses are now running over the internet, physical security systems leverage it, and it’s used for everyday communication of all kinds. This doesn’t include shopping, scheduling appointments, or even Googling today’s Wordle. An extended outage could literally shut down daily life, government, and business operations, and everything else connected to the internet.

Sadly, we have seen examples of cyberattacks that have damaged  ISPs, and it’s never a fun aftermath. While the internet is beyond critical to our daily existence, it’s not the only critical point we all take for granted.

 

Loss of Electricity

If the internet is up, but no electricity is available, we have a serious problem. Forget the internet for a moment. For over a century, electricity has kept the lights on, kept many of us warm on a freezing night, and kept basically every convenience in our lives up and running. Areas without steady and reliable electricity are economically more deprived as everything grinds to a halt. Electricity is beyond critical to modern civilization at this point.

 

Loss of Water and Waste Water

Everyone needs clean and running water. I also happen to be a fan of the plumbing in my home.  Unfortunately, this is one of the many areas where U.S. infrastructure is severely vulnerable. A recent Inspector General stated a report that of the more than fifty thousand water and wastewater districts across the nation, a vast majority are incredibly vulnerable to cyberattacks. We even saw the first possible mass casualty event due to hacking in Oldsmar, Florida, when someone hacked into the water treatment plant and tried to introduce large quantities of lye (typically used as a disinfectant in small amounts) into the water supply. If it hadn’t been quickly caught by accident, thousands of men, women, children, and animals could have been poisoned or killed.

Knocking out clean water and wastewater for an entire geographical region is something we in cybersecurity are preparing for. But unfortunately, many of these districts do not have the funds to improve their defenses.

 

Loss of Traditional Communication

Traditional copper lines are still in use for critical reasons. Many buildings have hardwired alarms and communications to outfits like local first responder systems and security companies. The issue is that much of this older infrastructure is now routed into hybrid communications systems that need the internet to complete the connection. If the internet gets hit, traditional communication will be impacted, which could cut access to critical services.

We have already witnessed real-world results of a cyberattack of this type. In 2015, Russian hackers broke into a Ukrainian nuclear power plant and shut it down while simultaneously attacking the local phone provider in the region. They knocked out power and communications for over 200,000 Ukrainians, rendering them deaf and blind. It’s considered one of the first effective cyberwarfare attacks in history to knock out an entire region.

 

Disruption of Satellite Services

In modern society, satellite systems are now beyond critical. Global navigation infrastructure relies on GPS. Outside of personal vehicles having their GPS go down (not to mention Google Maps etc.), Airplanes rely heavily on GPS, as does shipping. While redundancies are built into specific applications (we have navigation beacons for airplanes, for example), this would be a critical disruption to personal life and commerce. TV channels would be down, even for those with cable (how do you think your favorite show gets to you? It’s beamed to the cable provider via satellite!)

This too has been a concern since 2022, when NATO member nations had to revisit their space warfare treaties when Russia claimed that satellites in aid of Ukraine were fair game. Plus, as a response to Russia’s invasion of Ukraine, hacking teams were able to find a way into Russian spy satellites and knock them out. This is a serious possibility of wreaking havoc on all of us.

 

Disruption of Apps & Services

Russia is giving the world a solid primer on what to expect in national cyber-attacks. Unfortunately, it comes at the expense of the Ukrainians. Prior to their invasion, Russia attempted to destabilize the Ukrainian economy and society by launching cyberattacks against the banking infrastructure, knocking out access to financial institutions across the country. The goal was to panic the general population into believing that the economy was crashing and, thus, caused panic and runs on the banks. Combined with a disinformation campaign designed to ramp up fear, it was an effective tactic that the Ukrainian government worked overtime to counter.

How would the United States remain fair under those conditions? Given that within the first week of the pandemic, almost everyone lost their minds, and we saw runs on stores for toilet paper, you tell me.

 

Disruption of Local Government

Imagine having a life-or-death emergency and calling 911 only to get dead air. This is a real possibility as, like many government infrastructures, many 911 call centers are not hardened as they should be. My company was hired by a U.S. municipality recently for a Data Security Assessment, which included penetration testing. We were able to get so deep into the law enforcement infrastructure, which included emergency response, that we had the ability to knock out the entire 911 response system for over 300,000 citizens. We also could have re-routed the incoming calls somewhere other than to first responders. This is a serious problem, and multiple cybersecurity outfits are able to do this.

On top of this, disruption of a regional economy like a major city could also happen. Cybersecurity researchers figured out how to hack into traffic lights. Imagine every light in metropolitan New York City or Chicago instantly turning green. Consider that other government services (including needed welfare services like food banks) could also go down. Local government is so integral to properly functioning everything that staying online during disasters is critical.

 

So how do we fix this?

 

First, this is not comprehensive. A robust cybersecurity framework has dozens (or even hundreds) of security controls in multiple categories to ensure that the organization it protects is holistic. What is below are the most urgent items to execute to prepare for a cyberattack quickly.

 

Update ALL Critical Infrastructure, Operating Systems, and Software

We primarily update or patch our computers, phones, wireless access points, and everything else to fix known vulnerabilities. Ignoring or skipping updates ensures it’s much easier to hack into the device or computer. Exploiting a known vulnerability basically got most of the US Government hacked by Russian intelligence a few years back, so this is beyond critical.

 

Enable Multifactor Authentication (MFA) On Everything You Can

Gone are the days of only having a username and password to protect you from things like email. Now, we’re using Multifactor Authentication (and more) to protect our logins. MFA is free for most platforms, like Facebook, Google, Amazon, Microsoft Office 365, and more. Studies have shown that using MFA with an authenticator app has thwarted over 99.9% of account compromises targeting Office 365 accounts. With millions of Americans working for companies that are in the supply chain of the US Government, not to mention millions of government workers from coast to coast, there are so many targets for the Russians to hack. It needs to be as hard as possible to get through our security controls.

 

Ensure ALL Devices/Computers Have Uniform Threat Detection

We, hackers, are lazy. If I break into your network (business or home), I will start by quietly running an inventory of everything connected using legitimate utilities so I don’t trip up threat detection. If I’m able to find a computer without an Endpoint Detection Response (formerly antivirus) agent, I’m going to use that to leverage my attacks, as I’ll go undetected for longer and be harder to spot. There should be no exceptions to this one either.

 

Double Check Your Backups!

Periodically test your backups’ recovery capabilities to ensure they’re backing up everything they need. Also, have backups both onsite (if you have onsite data that needs backing up) and in the cloud, as they are much harder to attack. Encrypt all of your backups so they can’t be stolen and ransomed against you. Finally, refresh backups periodically. Studies have shown that backups are corrupt and won’t restore everything properly in an emergency. Backups are our lifeline for recovery, so they have to be as perfect as possible.

 

Alert Friends, Families, and Fellow Employees To Maintain Vigilance And Look For Threats

Education is beyond important for an excellent defensive strategy. Make sure everyone in your personal and professional life is properly trained and aware of how to spot phishing emails, harmful sites, and more. For businesses, make sure the training is role-based. Those with more access to things like money need training at least once a month via phishing testing and subsequent training if they fail to spot and block the phishing attempts. The fastest way to hack into a network is not to defeat the defenses but to get a human in the network to click on or open something they shouldn’t.

 

Geo Block Firewalls and Identity Management Systems

Many firewalls and Identity Management systems allow an organization to block all traffic incoming to their systems. Don’t have any dealings in Russia? Then why can the Russian internet see your firewall? Many firewalls can be programmed to turn into a black hole for all internet traffic except for traffic from the country where the firewall is located. Corporate logins shouldn’t work in Russia as well, so make sure those are locked down. For example, when I travel, I am able to lock my identity down to whatever country I am in. If I leave the United States to go to The Netherlands, my identity will stop working in the U.S. and will only work where I currently am. This is affordable to achieve for pretty much anyone out there.

 

Industrial Control Systems Should Be Tested to Ensure They Work Offline

If the internet goes down, HVAC thermostats in homes and businesses could stop working. That was a problem with Google Nest devices in many homes. Google had a major outage, and people couldn’t use their thermostats to heat or cool their homes while they were down or even lock their doors. Think about it this way; if it’s critical to your daily well-being and connection to the internet, it needs to be tested. Unplug the internet, see what doesn’t work, and plan accordingly.

 

These are only the most critical of steps to securing ourselves from an impending cyberattack. We don’t know how far the current war in Ukraine will escalate, but if Russia has to retaliate against the West, their best bet is to launch infrastructure cyberattacks against us all. Following these basic steps will make everyone that much harder to hit—best of luck to us all. Hopefully, we won’t need it.

______________________________________________________________________________________________________________

Nick Espinosa

An expert in cybersecurity and network infrastructure, Nick Espinosa has consulted with clients ranging from small business owners up to Fortune 100 level companies for decades. Since the age of 7, he’s been on a first-name basis with technology, building computers and programming in multiple languages. Nick founded Windy City Networks, Inc at 19 which was acquired in 2013. In 2015 Security Fanatics, a Cybersecurity/Cyberwarfare outfit dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations was launched.

Nick is a regular columnist, a member of the Forbes Technology Council, and on the Board of Advisors for both Roosevelt University & Center for Cyber and Information Security as well as the College of Arts and Sciences. He’s also the Official Spokesperson of the COVID-19 Cyber Threat Coalition, Strategic Advisor to humanID, award-winning co-author of a bestselling book, TEDx Speaker, and President of The Foundation.

We welcome for consideration all submissions that adhere to three rules: nothing defamatory, no snark, and no talking points. It’s perfectly acceptable if your view leans Left or Right, just not predictably so. Come write for us.

Share With Your Connections
Share With Your Connections
More Exclusive Content
The Latest News from Smerconish.com in Your Inbox

Join our community of over 100k independent minds

This field is for validation purposes and should be left unchanged.

We will NEVER SELL YOUR DATA. By submitting this form, you are consenting to receive marketing emails from: Smerconish.com. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Aweber

The Latest News from Smerconish.com in Your Inbox

Join our community of over 100k independent minds

This field is for validation purposes and should be left unchanged.

We will NEVER SELL YOUR DATA. By submitting this form, you are consenting to receive marketing emails from: Smerconish.com. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Aweber

Write for Smerconish.com

Thank you for your interest in contributing to Smerconish.com Please note that we are currently not accepting submissions for Exclusive Content; we appreciate your understanding.