Monthly Archives: July 2021

The Persistent Threat of Russian Cyberattacks

Colonial Pipeline Storage Tanks As Gas Pumps Run Dry
Photo by Mark Kauzlarich

Recent Russian cyber-attacks on public and private U.S. sectors have put cyber security into the forefront of American thought and public concern. While cyber-attacks are aimed hourly at countries, companies, and individuals, accusations of cyber-attacks between the United States and Russia have created a digital Cold War in a race to see who can exploit the most vulnerabilities in the infrastructure and supply chains of the opposing power.

While the United States government has consistently understood the harm cyber-attacks can present, the public is once again remembering how potent they can be. In just the span of a few months, massive hacking campaigns from various Russian or Russian-speaking groups have resulted in strategic U.S. organizations and businesses being compromised. Such examples include the recent and infamous ransomware attack on the Colonial Pipeline by the group DarkSide, which caused the U.S. to lose 1.2 million barrels of oil per day until the ransom was paid. Last month, another Russian-sourced ransomware attack infected JBS meat plants. These factories produce one-fifth of the daily U.S. cattle harvest. Although food production halted for only several business shifts, millions of dollars in revenue were lost. Additionally, meat prices temporarily spiked in several parts of the United States during this attack.

Seeing that a well-placed attack can cripple our essential national infrastructure, other foreign threat actors have been emboldened to increase their attempts to exploit U.S. vulnerabilities. A recent Russian hacker group by the name of APT28 has been using widespread and anonymous brute force attacks similar to the ones performed on Colonial Pipeline and JBS, but which have the potential to self-populate thanks to the automation technology Kubernetes®. As a result, hundreds of governmental and private organizations have been targeted in order to gain access to private networks and obtain sensitive data. Another Russian group named REvil targeted 200 separate businesses with a similar self-populating ransomware attack right before the Fourth of July weekend.

Due to these and earlier attacks, the Biden administration has made cyberwarfare a top priority given the national security concern it poses. The topic even overtook nuclear armaments as the U.S.’s primary concern at its NATO meeting in Geneva last week.

Although awareness is increasing, the United States finds itself in a difficult position in responding to these attacks. Unlike nuclear arsenals, which are operated and maintained by states, cyber-attacks can come from a wide array of sources, including terrorist organizations, political activists, and criminal groups. This results in a lack of transparency between nations in cyberwarfare, where governments can easily place the blame for a crippling attack at the feet of any rogue cyber organization. President Putin did just that during his meeting with President Biden in Geneva, claiming there was no evidence that the Russian government was responsible for these attacks. President Putin is incorrect, as there does exist evidence that the Russian government was involved in several brute force attacks on valuable U.S. infrastructure. However, cyber evidence is not as obvious as a photograph or signed document might be, meaning it is much harder to show or explain. What this denotes is that new approaches to the cyberwarfare dilemma must be thoughtfully considered, since cyberconflict has shown itself to be immune to well-established tools of deterrence.

In addition to any external policy enacted against Russia, the United States could consider implementing a focus on a defensive strategy at the domestic level through improved standardization of cyber protection protocols for strategic U.S. businesses. In the wake of COVID, many employers and employees still work from home via computer yet are not familiar with digital communication safety etiquette. With more workers online, this could mean a bigger chance of an illicit actor, Russian or otherwise, intercepting sensitive data belonging to a vital U.S. business. It was, after all, assumed that an employee at Colonial Pipeline carelessly clicked on a phishing email, which resulted in the attack. However, this is not a unique problem, and the danger can affect millions of vital U.S. businesses. A 2021 survey issued by Rave Mobile Safety found that many employers still struggle with how best to protect and communicate with employees both onsite and offsite due to the rapid shift many made to remote work last year. Key findings show that only 28% of workers are involved in safety drills. One-third of respondents say they were unsure of emergency plans for an active shooter, cyber-attack/system outages, and workplace violence. Lastly, the survey showed that respondents in the 30-44 and 45-60 age groups preferred mass text message as a form of communication.

The preference for mass text message among older employees presents the problem of SMS phishing, which is often harder for both recipients and security software to detect than phishing emails. A study by PhishLabs identified 47% more phishing sites in Q1 of 2021 than in Q1 of 2020. This trend is continuing, as Q2 attacks are also up significantly from last year. The study suggests that threat actors are continually attracted to careless actions and poor security practices by users on social media accounts, given that social media, especially messaging apps, topped the list of phishing attempts for the first time. Since messaging apps are currently particularly prone to phishing attacks, it is even more imperative that those who prefer mass text message over email are educated and cautious.

The recent Russian hacking groups have shown that exploiting a simple backdoor or an employee’s careless click can result in widespread and disastrous consequences. By working more closely with critical U.S. businesses to ensure proper safety precautions are enacted, the Biden administration could decrease the chance of another shortage and avoid the panic and mayhem that would ensue. The United States can and should try to enact a wide variety of international legislation with Russia to prevent future cyber-attacks. Yet if the problem is not fixed at the domestic level, then the United States is leaving itself vulnerable to other foreign threat actors causing mass devastation.