May 19, 2022
Deputy Assistant Director, FBI Counterintelligence Division
W. Mike Herrington
Section Chief, FBI Cyber Division
Deputy Executive Assistant Director of Cybersecurity, CISA
Christopher D. Roberti
Senior Vice President for Cyber, Space, and National Security Policy, U.S. Chamber of Commerce
As the war between Russia and Ukraine continues, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and other authorities have warned of threats posed by Russian cyber actors. These agencies have already identified threats to defense contractors, energy suppliers, small home and office networks, and cloud environments that may impact critical infrastructure, businesses, government systems, and the privacy of sensitive personal data.
Associates from the FBI and CISA joined the U.S. Chamber of Commerce in a recent briefing to understand the role business leaders can play in stopping these cyber attacks.
Russia Attempting to Undermine U.S. and Drive Wedges
Kurtis Ronnow, Deputy Assistant Director of the FBI’s Counterintelligence Division, gave a briefing on why Russia is one of the United States’ major cyber opponents. Ronnow stated Russia views the U.S. as its primary adversary and “seeks to undermine our global influence, drive wedges between us and our allies, and pursue policies counter to our interests and values.”
He also stated that Russia is seeking U.S. military intelligence for its own benefit.
“Russia tries, over and over, to acquire U.S. military technology through cyber means and illegal technology transfer activities,” said Ronnow. “This allows Russia to modernize and advance its military and weapons capabilities, which is something particularly important to them now with the losses that they've suffered in the Ukraine invasion.”
Contact CISA Immediately If Your Business Has Been Impacted by a Cyber Incident
One of the ways that Russia is seeking to undermine the United States’ global standing and influence is by targeting U.S. businesses. The FBI and CISA emphasize the importance of contacting CISA if your business believes it was impacted by a cyber incident. Businesses can report incidents to CISA via email at Report@CISA.gov or through a regional point of contact.
“The key is simply that you report it quickly because a seemingly trivial anomaly can prove to be a key indicator of an emerging campaign,” said Matt Hartman, Deputy Executive Assistant Director of Cybersecurity of CISA. “While our reach on mitigation steps has been far-ranging, we know that we can always do more.”
Additionally, CISA has launched a one-stop source for information called Shields Up that documents malicious Russian cyber activities and how to address those risks. It includes generalized mitigations as well as news alerts, products from CISA, and aggregation points for information from private-sector partners.
Businesses Need to Practice Good Cyber Hygiene
Businesses of all sizes should be practicing good cyber hygiene to protect themselves against bad cyber actors. This includes simple steps such as using strong passwords, enabling two-factor authentication, and updating your software frequently. To prevent Russian cyberattacks, CISA recommends taking additional steps.
“Begin hunting for any indications of Russian state-sponsored [Tactics, Techniques, and Procedures] on your network,” said Hartman. “Mitigate any public-facing vulnerabilities with the utmost urgency, particularly those that are being actively exploited.”
“Secure your credentials,” he continued. “Russian state-sponsored APT actors have demonstrated their ability to maintain persistence using compromised credentials.”
Hartman stated businesses should be resilient, especially now, as Russia is facing global scrutiny.
“I'd highly encourage all critical infrastructure organizations to take whatever steps you can in the coming days and weeks to maximize your resilience to a disruptive or disruptive cyber incident,” he said. “Dust off and exercise your IRR plan, designated crisis response team, ensure the availability of key personnel, [and] test your backup procedures to the degree it's applicable.”
Small Businesses Are Not Exempt From These Attacks
Given the scale and severity of these attacks, small business owners may believe that Russians are only targeting large corporations. However, cyber-attacks pose significant risks to small businesses as they have less cushion to respond. Mike Herrington, Section Chief at the FBI Cyber Division, explained why Russia might target a small business.
“[A small business] could be targeted for one of your business partners,” said Herrington.”[For example,] you're a construction company that works on a power grid, you may be targeted as a small business to gain access to that ultimate target.”
“You may be making something [that has a] critical component to something that is larger … Russia exercises supply chain attacks … [and] even if you just have a very small component that feeds into a larger product that has wide broad-based adoption, you could be targeted to compromise your role in the supply chain,” Herrington warned.