- The Department of Homeland Security warned state and local governments and critical infrastructure providers across the U.S. that Russia may launch direct cyberattacks if it perceives actions by the U.S. or NATO as a threat to its national security.
- The bulletin, dated Jan. 23, warned that Russia had a number of tools it could employ, and an incident could range from a denial of service attack to a more targeted attack against critical infrastructure, reported ABC News, which obtained a copy of the Intelligence and Analysis bulletin.
- While DHS officials did not comment on the contents of the bulletin, the agency "regularly shares information with federal, state, local, tribal and territorial officials and the private sector to ensure the safety and security of all communities across the country," a DHS spokesperson said Monday in an emailed statement.
A DHS spokesperson said the agency has increased operational partnerships between the private sector and the federal government to strengthen U.S. cyber defenses, including through the Joint Cyber Defense Collaborative.
The threshold for Moscow launching a direct attack against the U.S. remains very high, according to agency analysts cited by CNN. The network also confirmed the DHS bulletin.
The Cybersecurity and Infrastructure Security Agency, which operates as part of DHS, warned of a heightened threat to critical infrastructure last week, after destructive malware was unleashed on Ukraine government sites.
Multiple security researchers also raised the alarm about malicious actors deploying WhisperGate malware that could wipe computer data has been deployed and it showed similarities to destructive malware used during the 2017 NotPetya attacks.
"Russia certainly has an arsenal of offensive cyber tooling that can be used to degrade and disrupt U.S. critical infrastructure," said John Hammond, senior security researcher at Huntress, via email.
Prior cyberattacks from Russia have always "pushed the envelope," said Hammond, including ransomware that took out vital supply chain providers, used backdoors and gained persistent access inside organizations across multiple industries.
Threat actors may deploy destructive malware to delete data, hide malicious behavior or make systems inoperable, according to a Mandiant white paper on steps organizations should take to harden their defenses against a sophisticated attack.
The paper addresses a range of security issues, including segmentation between IT and operational technology, protecting against credential theft and defending against on-premises lateral movement.
Organizations and private citizens should identify what assets may be targeted, establish plans for business continuity and cyber resilience, Ken Westin, director, security strategy at Cybereason.
"My concern with Russia today is they have an arsenal of zero-day exploits at the ready, as well as initial access to targets already," Westin said.