Ever since the U.S. imposed sanctions on Russia for its war on Ukraine, there have been growing apprehensions that a full-blown cyberattack is imminent. Judging by the recent malware tools detected by the Cybersecurity and Infrastructure Security Agency (CISA), it seems the cyberattacks have already reached the American shore.
Mandiant, a private cybersecurity firm that works with government agencies, assessed that the malware’s behavior was “consistent with the malware used in Russia’s prior physical attacks.” Even though the government agencies have declined to name the threat actor, Dragos CEO Robert M. Lee has said that a state actor was involved in creating the malware. Dragos detected the malware before it could wreak havoc on American businesses, and security agencies continue to monitor how Russia responds to the financial blockade.
Which industries are at risk?
The malware detected by Dragos is dubbed Pipedream, and it first targeted the energy industry. Pipedream has a modular architecture that can be used to carry out automated attacks. It can gain full system access to liquefied natural gas and electric power sites and shut down heavy machinery, leading to the loss of on-site lives and financial collapse. Pipedream resembles the Russian malware Triton, which brought the Saudi oil reservoir to a standstill twice in 2017.
The malware initially targeted at least five energy companies, including Schneider Electric and Omron. As last year’s Colonial Pipeline ransomware attack has taught us, the energy sector in the U.S. is particularly vulnerable to advanced cyberattacks.
If left undetected, Pipedream would have laid the groundwork for cybercriminals to target other industries. It’s evident that the American private sector can never be too secure against Russian threat agents, but you can prevent most attacks by anticipating the trends.
What should your business do?
The U.S. government has warned about Russian retaliation against American businesses, but by following a few steps you can protect core assets from being exploited.
1. Keep your devices and systems up to date. Security flaws and new malware attacks are detected all the time, so it’s important to install official software patches as they are released. In an age of zero-day vulnerabilities, using outdated software can lead to data theft and financial losses.
2. Use multi-factor authentication (MFA) at every access point. MFA creates a second layer of security that makes it harder for threat actors to breach systems while alerting authorities about possible cyberattacks.
3. Maintain an automatic backup and restore system to save critical data in the cloud or data centers. In case of a security breach, you can restore business data and avoid downtime costs.
4. Use advanced security tools and encryption practices to strengthen your security infrastructure. Microsoft’s Office 365 offers enterprise-grade security to businesses of all sizes.
5. Train your workforce to protect company assets from being exploited by attackers. Much malware relies on employee mistakes to enter and compromise systems. If employees are on the same page about security, it helps mitigate the risks.
6. Consult a cybersecurity partner to iron out flaws in your security strategy. Managed security services providers such as MyTek offer industry-leading experience and advanced tools to protect businesses.