
Expert insights: Should we be preparing for cyberwar with Russia?

18 Apr 18

Just days after the missile strike on Syria by Western powers, fears are growing over a potential retaliation by Russia - in the form of a cyberattack.

But just how real is this risk? We’ve gathered insights from experts in the industry to throw some light on the matter.

SonicWall president and CEO Bill Conner

“Cyber attacks like WannaCry and NotPetya demonstrate governments can, and will, use nefarious means to target critical national infrastructure of nation states. There is no doubt that Russia has the ability and the motive to deploy this kind of attack on the West. Many other nation states have this ability too. That said, it is not just national infrastructure at risk. For many state-sponsored hackers, business and governmental department disruption is top of the agenda, much like the NHS attack.

As the cyber-arms race continues to escalate, there is increasing pressure on the US and UK governments to truly understand the nature of malware cocktails - the process of mixing threats to concoct brand new, destructive attacks. The risks to businesses and even everyday citizens’ data grow each day. Governments and businesses need to deploy a layered security approach utilising next generation firewalls, deep packet inspection for encrypted communication, cloud-based multi-engine cloud sandboxing, advanced real-time deep memory inspection, and next generation end-point security with rollback capability.”

FireEye director of intelligence analysis John Hultquist

“Russia has repeatedly leveraged cyber tools to protect its interests, especially when the country’s prestige as a military superpower is threatened. For instance, when their place in the Olympics was embarrassingly lost, they lashed out with a campaign to undermine the legitimacy of the games, ultimately culminating in an attempt to disrupt the events themselves.

As in the Olympics, Russia is already seeking to undermine the legitimacy of the strikes through social media accounts we suspect are tied to the Internet Research Agency. They could complement these campaigns with targeted leaks as they did during the US elections. Furthermore, more aggressive options such as cyberattack could be employed, though they may be considered too escalatory.”

Cybereason senior director of intelligence services Ross Rustici

“Although tensions with Russia are at an all-time high, the threat of retaliatory cyber-attacks against the UK and its allies is overblown. We are likely to see increased disinformation campaigns and some low-level activity by apparently independent groups, but nothing that breaks Russia’s usual plausible deniability. We may also see some cyber activity within the Syrian theatre, such as jamming communications, but nothing which targets nations directly.

An unconcealed, high-level attack on UK infrastructure such as a powerplant would cross a red line into open warfare. Russia’s failure to interfere with the airstrike itself indicates that Putin is not yet ready to escalate and risk a war breaking out. Nobody wants to see these nuclear powers go toe-to-toe in a real conflict.”

Vectra EMEA director Matt Walmsley

“With stories reporting routers in the USA and UK being compromised by foreign nation states, and a recent increase in security preparation for possible large scale cyber-attacks, enterprises should take another look at how they’re securing their network infrastructure.

Don’t leave the door wide open – No software is perfect, so make sure you’re up-to-date with software updates and patches for your network infrastructure. Then make sure you’re not exposing your equipment’s management interfaces, and ensure you have changed the default admin credentials. For perimeter devices with internet connectivity this is doubly important. This may seem like “cybersecurity 101” advice, but only last month default settings in some Cisco switches allowed over 168,000 devices exposed to the internet to be identified as vulnerable to illicit remote command execution via an admin protocol.

Your firmware may not be that firm – Advanced attackers will seek to compromise the underlying firmware of their target platform. Even if you have robust OS level security controls, threats such as Sub-OS rootkits will remain undetected. However, with recent advances in AI-based behaviour threat detection we can now spot in real-time the very subtle signals attackers use to perform command & control (C2) orchestration to devices that have compromised firmware, by looking for the attacker’s “knocking” signals hidden within legitimate communications. With that actionable insight, platforms can be completely reset and their firmware, OS images, and configs reloaded from known good sources.”
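Walmsley’s “cybersecurity 101” points (patch level, exposed management interfaces, default admin credentials) can be turned into an automated check run against saved device configurations. The script below is an added example for this article, not Vectra’s or the author’s code. It assumes an IOS-style configuration syntax; the sample config, the “patched” version baseline and the default-credential list are all constructed for illustration and are not vendor data.

```python
"""Audit a saved network-device configuration for the three basic
hygiene failures named above: software below the patched baseline,
exposed or unrestricted management services, and default admin
credentials.

Assumptions (this example's own, not from the article): an IOS-style
config syntax; the baseline version, the default-credential list and
the sample config are all constructed for illustration."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed: lowest software version the site treats as patched.
PATCHED_BASELINE = (15, 2, 7)

# Constructed: factory/default username-password pairs worth flagging.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("cisco", "cisco"), ("admin", "password")}

# Constructed sample config with several deliberate weaknesses.
SAMPLE_CONFIG = """\
version 15.1
hostname edge-rtr-1
username admin password 0 admin
enable secret 5 $1$xyz$constructedhash
ip http server
ip http secure-server
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 access-class MGMT-ONLY in
 transport input ssh
 login local
"""


@dataclass
class Finding:
    severity: str
    message: str


def parse_version(config: str) -> tuple[int, int, int] | None:
    """Return the 'version a.b[.c]' line as a comparable tuple."""
    m = re.search(r"^version\s+(\d+)\.(\d+)(?:\.(\d+))?", config, re.M)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def vty_blocks(config: str) -> list[dict]:
    """Collect each 'line vty ...' stanza together with its indented child lines."""
    blocks, current = [], None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = {"name": line.strip(), "lines": []}
            blocks.append(current)
        elif line.startswith(" ") and current is not None:
            current["lines"].append(line.strip())
        else:
            current = None  # any unindented line ends the stanza
    return blocks


def audit(config: str) -> list[Finding]:
    findings: list[Finding] = []

    # 1. Patch level against the site baseline.
    ver = parse_version(config)
    if ver is None:
        findings.append(Finding("medium", "no version line; patch level unknown"))
    elif ver < PATCHED_BASELINE:
        findings.append(Finding("high", f"software {'.'.join(map(str, ver))} is below baseline "
                                        f"{'.'.join(map(str, PATCHED_BASELINE))}"))

    # 2. Default credentials (plaintext 'password [0] ...' form only).
    for m in re.finditer(r"^username\s+(\S+)\s+password\s+(?:\d\s+)?(\S+)", config, re.M):
        user, pw = m.groups()
        if (user, pw) in DEFAULT_CREDENTIALS:
            findings.append(Finding("critical", f"default credentials for user '{user}'"))

    # 3. Management services: plaintext HTTP, telnet, and vty lines with no source restriction.
    if re.search(r"^ip http server\s*$", config, re.M):
        findings.append(Finding("high", "plaintext HTTP management server enabled"))
    for blk in vty_blocks(config):
        if any(l.startswith("transport input") and "telnet" in l for l in blk["lines"]):
            findings.append(Finding("high", f"{blk['name']}: telnet permitted"))
        if not any(l.startswith("access-class") for l in blk["lines"]):
            findings.append(Finding("medium", f"{blk['name']}: no access-class limiting management sources"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"[{f.severity}] {f.message}")
```

Run against the sample it reports five findings (old software, default admin credentials, plaintext HTTP, telnet on vty 0-4, and no access-class on vty 0-4); a config that is at the baseline, uses SSH only and restricts the vty lines with an access-class produces none. Real deployments would feed it configs pulled from a backup system and extend the checks to the other management protocols the devices support.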

Skybox Security director of technical product marketing Sean Keef

“The joint alert by the US and UK on Russian state-sponsored cyberattacks targeting network infrastructure devices accentuates that organisations are still challenged to understand the vulnerabilities and security weaknesses in their attack surface. The sheer size and complexity of networks today (including the convergence of IT networks and the OT networks that run critical infrastructures) is making that challenge even bigger.

We know that legacy networks — especially those in critical infrastructure — are not outfitted to deal with today’s security challenges. Out-of-warranty hardware, out-of-date software, and misconfigurations are the recipe for disaster — and it looks like Russia is cooking dinner. Keeping track of what protocols are being used by which devices, ensuring that the delivered access doesn’t exceed the desired access, and confirming that devices are configured and hardened properly can be daunting — especially with enterprise-level, hybrid networks.

This requires deploying technology that gives complete visibility to the attack surface — across the entire hybrid network. That technology takes into consideration both asset and network data to understand how data flows and where vulnerabilities and security weaknesses exist. Without this information, security teams are essentially managing security blindly.”
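Keef’s test that “delivered access doesn’t exceed the desired access” can be made concrete by modelling both the intended policy and the deployed rule set as (source CIDR, destination CIDR, protocol, port range) grants and reporting every deployed rule that no policy entry fully contains. The code below is an added example for this article, not Skybox’s product logic or code; the zone subnets, rule names and port numbers are constructed and describe no real network.

```python
"""Report firewall rules whose delivered access exceeds desired access.

The intended policy and the deployed rule set are modelled as
(source CIDR, destination CIDR, protocol, port range) grants. A deployed
rule is acceptable only if some single policy entry contains all of it.

Everything below (zone subnets, rule names, port numbers) is constructed
for this example; it is not Skybox's model or any real network."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # CIDR
    dst: str                 # CIDR
    proto: str               # "tcp", "udp" or "any"
    ports: tuple[int, int]   # inclusive destination-port range; (0, 65535) = any


# Constructed: what the security policy says should be reachable.
DESIRED = [
    Rule("ops-ssh-to-plc-net", "10.10.5.0/24", "192.168.100.0/24", "tcp", (22, 22)),
    Rule("plc-net-to-historian", "192.168.100.0/24", "10.20.1.10/32", "tcp", (502, 502)),
]

# Constructed: what is actually configured on the device.
DELIVERED = [
    Rule("r1", "10.10.5.0/24", "192.168.100.0/24", "tcp", (22, 22)),
    Rule("r2", "10.10.0.0/16", "192.168.100.0/24", "tcp", (22, 22)),      # source too wide
    Rule("r3", "192.168.100.0/24", "10.20.1.10/32", "tcp", (502, 502)),
    Rule("r4", "0.0.0.0/0", "192.168.100.0/24", "any", (0, 65535)),       # legacy any/any
]


def _subnet_of(inner: str, outer: str) -> bool:
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def _ports_within(inner: tuple[int, int], outer: tuple[int, int]) -> bool:
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def covered_by(delivered: Rule, desired: Rule) -> bool:
    """True if everything `delivered` permits is also permitted by `desired`."""
    proto_ok = desired.proto == "any" or delivered.proto == desired.proto
    return (proto_ok
            and _subnet_of(delivered.src, desired.src)
            and _subnet_of(delivered.dst, desired.dst)
            and _ports_within(delivered.ports, desired.ports))


def excess_rules(delivered: list[Rule], desired: list[Rule]) -> list[Rule]:
    """Deployed rules not wholly contained in any one policy entry.

    Simplification: a rule covered only by the union of several policy
    entries is still reported, which errs on the side of human review."""
    return [r for r in delivered if not any(covered_by(r, d) for d in desired)]


def excess_report(delivered: list[Rule], desired: list[Rule]) -> list[str]:
    """Human-readable line per over-permissive rule."""
    lines = []
    for r in excess_rules(delivered, desired):
        lines.append(f"{r.name}: {r.src} -> {r.dst} {r.proto}/{r.ports[0]}-{r.ports[1]} "
                     f"grants access no policy entry covers")
    return lines


if __name__ == "__main__":
    report = excess_report(DELIVERED, DESIRED)
    print("\n".join(report) if report else "delivered access matches desired access")
```

On the constructed data the report names r2 (its /16 source is wider than the policy’s /24) and r4 (the legacy any/any rule); r1 and r3 match policy entries exactly and are silent. The same containment check works on rules exported from any firewall once they are normalised to the same tuple shape, and it is one place where the IT/OT convergence Keef mentions shows up directly: the OT subnets in the policy are the ones most worth checking for a stray any/any.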