U.S. Critical Infrastructure Entities Targeted by Pro-Russia Hacktivists
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Department of Defense Cyber Crime Center (DC3), Canadian Centre for Cyber Security, Europol, and cybersecurity agencies throughout Europe have issued a joint cybersecurity advisory warning of cyberattacks on critical infrastructure by pro-Russian hacktivists.
In contrast to attacks by many financially motivated threat actors and advanced persistent threat groups, the attacks are relatively unsophisticated, and aside from focusing on critical infrastructure entities in countries perceived as adversaries of Russia, they are opportunistic rather than targeted. According to the authoring agencies, targets are chosen by ease of access: the groups exploit known unpatched vulnerabilities in Internet-facing systems, especially minimally secured virtual network computing (VNC) connections and Internet-facing desktop-sharing systems. The hacktivist groups typically use easily repeatable and unsophisticated methods for initial access.
While the attacks are lower impact than those conducted by APT actors, the aim is disruption to operations at critical infrastructure entities, potentially also resulting in physical damage. Attacks may be accompanied by DDoS attacks, and the threat actors aggressively pursue visibility, amplifying their activities and even fabricating claims of malicious attacks. While claims of attacks may be entirely fabricated, any such claim should be fully investigated. While sectors such as water and wastewater systems, food and agriculture, and energy face the highest risk of attack, the broad, indiscriminate approach has allowed the groups to attack many different critical infrastructure sectors. All critical infrastructure entities face an increased risk of attack, including the healthcare and public health sector.
“The pro-Russia hacktivist groups highlighted in this advisory have demonstrated intent and capability to inflict tangible harm on vulnerable systems,” said CISA Executive Assistant Director for Cybersecurity Nick Andersen. “In addition to implementing the recommended mitigations and rigorously validating their security controls, we are calling upon all OT device manufacturers to prioritize secure-by-design principles—because building in security from the start is essential to reducing risk and safeguarding the nation’s most vital systems.”
“Robust cyber threat information sharing between the private sector and the federal government, implementation of recommended practices, and the commendable and aggressive enforcement operations by the FBI and other agencies will help mitigate the threat,” suggests John Riggi, AHA national advisor for cybersecurity and risk. “Organizations should also update, integrate, and routinely test emergency preparedness, cyber incident response, and clinical continuity plans should there be an extended technology outage affecting hospitals directly or indirectly through a cyberattack against mission-critical third parties.”
Key mitigations recommended by the authoring agencies include reducing the exposure of assets to the public-facing Internet; adopting mature asset management processes, including mapping data flows and access points; implementing network segmentation, especially between IT and OT networks; and ensuring all assets use robust authentication procedures.
The warning comes just a few days after a CISA and NSA alert about the BRICKSTORM backdoor, which is being deployed by state-sponsored threat actors from the People’s Republic of China (PRC) in attacks on VMware vSphere and Windows cloud platforms.