John Hultquist, Mandiant’s vice president of intelligence analysis, said in a video briefing that his firm has regularly informed its customers that chaos in Ukraine could affect them, and Mandiant is now spreading the word more broadly.
“It’s important to remember that even though a lot of this activity stays within this historic sphere of influence [of the former Soviet Union], or we often see a lot of it in the historic sphere of influence, as we escalate it’s just more likely to leak out of that area,” Mr. Hultquist said. “I think one of our concerns is just can we learn from the activity that’s going on in the area and prepare for it elsewhere?”
Matthew McWhirt, Mandiant consulting managing director, said organizations should take steps to remove the avenues that adversaries have to breach their network, such as by looking for applications and services with vulnerabilities.
“We’re not going to be able to shut off every door or stop an adversary that’s really targeting an organization from getting in,” Mr. McWhirt said. “Phishing is probably one of the main ways that they can still get in, even if you have hard perimeter defenses, but it is good to obviously understand what is your attack surface? What does it look like? Especially start from the internet, the external-facing perspective, and think like an attacker would.”
Private cybersecurity experts are not the only ones warning people to brace for chaos spreading from Russia. Last week, U.S. cyber officials published a joint advisory warning of Russian threats to U.S. critical infrastructure.
The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency urged critical infrastructure network defenders and the broader cybersecurity community to “adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint [cybersecurity advisory]” because of threats of malicious cyber action from Russia.
A senior Biden administration official told reporters last week that the U.S. government did not believe Russia’s arrest of the alleged cyberattacker was related to the escalating tension between Russia and Ukraine. The official said the U.S. government could not speak to the Kremlin’s motives.
Cyber chaos has already hit Ukraine. Ukrainian government computer networks were disrupted last week by a cyberattack that included threatening messages. Microsoft said it was investigating and a Ukrainian official has identified Russia as the likely suspect.
Mr. Hultquist said it appeared that hackers compromised a content management system that they leveraged to get access to the government websites that were defaced. He said the hackers appeared to cover their tracks by faking a connection to Poland.
“What we know about the defacement is it included a lot of specific remarks about disputes between Poland and Ukraine and suggested that the person who wrote the defacement or did this operation was a Polish nationalist,” Mr. Hultquist said. “It also included an image file used in this defacement [and] GPS coordinates associated with Poland, again suggesting an origin in Poland. We think that’s probably all fabricated.”
• Ryan Lovelace can be reached at firstname.lastname@example.org.
Copyright © 2022 The Washington Times, LLC.