White House Warns of Possible Russian Cyberattacks

News:

The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion.

[…]

Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors. But there’s been no sign so far of major disruptive hacks against U.S. targets even as the government has imposed increasingly harsh sanctions that have battered the Russian economy.

  • The public alert followed classified briefings government officials conducted last week for more than 100 companies in sectors at the highest risk of Russian hacks, Neuberger said. The briefing was prompted by “preparatory activity” by Russian hackers, she said.
  • U.S. analysts have detected scanning of some critical sectors’ computers by Russian government actors and other preparatory work, one U.S. official told my colleague Ellen Nakashima on the condition of anonymity because of the matter’s sensitivity. But whether that is a signal that there will be a cyberattack on a critical system is not clear, Neuberger said.
  • Neuberger declined to name specific industry sectors under threat but said they’re part of critical infrastructure — a government designation that includes industries deemed vital to the economy and national security, including energy, finance, transportation and pipelines.

President Biden’s statement. White House fact sheet. And here’s a video of the extended Q&A with deputy national security adviser Anne Neuberger.

EDITED TO ADD (3/23): Long—three hour—conference call with CISA.

Posted on March 22, 2022 at 9:57 AM • 23 Comments

Comments

Mexaly March 22, 2022 10:12 AM

I can’t imagine that patch-resistant organizations (e.g. the US government) are going to have a sudden epiphany, without learning the hard way.

Winter March 22, 2022 10:39 AM

This might be part of attempts to drag NATO into the war. The use of biological and chemical weapons would be another of such provocations.

Only NATO Can Save Putin
The odds of a palace coup against Putin are already low; the odds of such a move while Russia is at war with NATO are even lower.
ht-tps://www.theatlantic.com/ideas/archive/2022/03/putin-war-nato-intervention/627092/

Only one military force in the world can save Putin from utter humiliation now: NATO, the North Atlantic Treaty Organization. NATO intervention in Russia’s war on Ukraine could halt that country’s barbarous attacks. But it would mean war between Putin’s regime and the West, and this war would be such a gift to Putin that we should expect that he will soon do everything he can to provoke it.

The U.S. and Europe should resist such provocations.

First and foremost, NATO intervention would help Putin by allowing him to rally his nation and impose even harsher measures to suffocate dissent. Millions of Russians clearly want nothing to do with this fratricidal war, which is one reason Putin has been desperate to keep them from hearing anything about it other than weird Soviet-era cant about neo-Nazis and weapons of mass destruction. If NATO were to become involved, however, Putin’s regime would gladly play footage of Russian men being blasted to pieces by U.S., British, and other allied jets. (Americans who think that a “no-fly zone” would not require attacking land targets, perhaps even in Russia, are deluding themselves.) And even if the Germans were not participants, Russia would almost certainly fabricate videos of German jets attacking Russian military units to play on the obvious and reflexive nationalistic anger that many Russians will feel at such images.

See also:
ht-tps://thenewamerican.com/expert-putin-may-want-to-provoke-nato-involvement-in-ukraine-to-save-himself/

Cyberion March 22, 2022 10:42 AM

So based on Bruce’s other post (“Developer Sabotages Open-Source Software Package”), the Russians could get to a lot of computers by “contributing code” to some open-source libraries.

And before someone says “Russians would not do that because they know…” just FYI that no “standard expectations of consequences” have stopped that government from doing crp so far. Unfortunately. I just think that if there is a way for them to do crp, they will do it regardless of who says what.

Ted March 22, 2022 12:27 PM

Thanks so much for sharing the video. The reporters asked a lot of good questions. Lots of very practical guidance in the fact sheet as well.

I am grateful to see more developments in cyber in the US. It seems like there is better communication, infrastructure, and leadership.

Also, the WaPo article said the requirement for critical infrastructure to report cyber incidents “will take a year or longer to go into effect.” I had been wondering that.

If Russia can see beyond its nose here, I hope they would consider cyberattacks against the US to be ultimately self-destructive.

lurker March 22, 2022 12:46 PM

U.S. analysts have detected scanning of some critical sectors’ computers by Russian government actors and other preparatory work …

@Clive, completely in accord with your eternal plea “Why is this gear exposed to the ‘net?” So is there any acceptable way from the outside to get that stuff offline? Courts are unlikely to accept that DDOS or DNS poisoning was “a defensive measure for your own good.”

vas pup March 22, 2022 3:57 PM

Russia’s hypersonic missiles ― what you need to know
https://www.dw.com/en/russias-hypersonic-missiles-what-you-need-to-know/a-61204404

“Almost four weeks into Russia’s war on Ukraine, one strike last Friday was like no other so far. The target was an underground arms and munition depot in the small village of Deliatyn, 100 kilometers (62 miles) from Ukraine’s border with Romania.

The attack stood out — not only because the facility was destroyed — but also because Russia had used a hypersonic missile for the first time in the Ukraine war.

Hypersonic missiles differ from conventional ballistic weapons in ways that make them harder to catch by missile defense systems. It comes down to speed and altitude.

Some experts say this type of missile flies as fast as 6,000 kilometers per hour, which would be around Mach 5. Others say it flies at Mach 9 or even Mach 10.

Either way, it’s fast. So fast, in fact, that “the air pressure in front of the weapon forms a plasma cloud as it moves, ===>absorbing radio waves,” the weapons experts at US website Military.com explain.

That makes “Kinzhal” and other hypersonic weapons very hard to catch on radar systems, an effect compounded by their low altitude.

Hypersonic missiles fly at a much lower altitude than conventional ballistic missiles.

They follow what is known as a low atmospheric-ballistic trajectory. That means that by the time a radar-based missile defense system clocks them, they are already so close to their target that in many cases it is too late to intercept them.

On top of that, hypersonic missiles can change direction midflight.”

Read the whole article for more details.

Naveed March 23, 2022 1:59 AM

I believe it’s a good practice to prepare for the worst possible consequences. Although the US is not directly at war with any nation, its allies are.

Remember the following words by Secretary of Defense, Leon Panetta (almost 9 Years ago).
Future cyber attack could rival 9/11, warns US Defense Sec. Panetta.

Academics like Schneier and Ross Anderson have already warned the world through their books and blogs that such things can happen anytime sooner or later. The thing is, US has teams of IT experts, who have the ability not only to identify the attack but they can counter it in real time.

Winter March 23, 2022 4:14 AM

In the near future, cyber crime and cyber attacks might be the only paying IT jobs left in Russia. But will there still be IT professionals to fill the jobs?

Russian IT pros fleeing the country, says local tech industry lobby
Russia is Putin together plans to create its own versions of banned products and local business is promising to buy
ht-tps://www.theregister.com/2022/03/23/russia_it_pro_exodus/

Plugotarenko suggests those developing import substitution products do so with exports in mind, but admits the West will be closed to Russia. He pondered markets to Russia’s east as an alternative, but there’s little sign China would consider Russian software over home-grown efforts. And North Korea is not a big market for anything.

Russia has already admitted that sanctions could hurt its technology businesses. The Association’s messaging suggests the nation appreciates that most businesses rely on technology and technologists, and that massive efforts are required to ensure both remain available for Russian life to continue as anything like normal.

We know how this ends. Russians will lose the right to travel abroad.
ht-tps://www.voanews.com/a/russian-refuseniks-endure-hostility-suffer-grief-but-say-impossible-to-stay-in-putin-s-russia-/6489347.html

SpaceLifeForm March 23, 2022 7:14 AM

re: Okta

A lot can change in 8 hours when one actually starts investigating

This disconnect is huge, and I fail to see why anyone would want to continue doing business with them. Of course, you can not extract yourself quickly from an outsourcing problem. Maybe, like, you know, not outsource in the first place? Doh.

Or maybe, there are different definitions of ‘breach’ in alternate realities.

hxtps://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/

hxtp://web.archive.org/web/20220323100006/https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/

This blog was posted at 10:45 AM, Pacific Time. [2022-03-22]

++

The Okta service has not been breached and remains fully operational. There are no corrective actions that need to be taken by our customers.

This update was posted at 6:31 PM, Pacific Time. [2022-03-22]

++

As we shared earlier today, we are conducting a thorough investigation into the recent LAPSUS$ claims and any impact on our valued customers. The Okta service is fully operational, and there are no corrective actions our customers need to take.

After a thorough analysis of these claims, we have concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and are contacting them directly.

SpaceLifeForm March 23, 2022 12:01 PM

Re: Microsoft

hxtps://amp.cnn.com/cnn/2022/03/23/tech/microsoft-lapsus/index.html

“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk,” Microsoft said.

I do not think this will age well.

JonKnowsNothing March 23, 2022 12:57 PM

@Winter

re: will lose the right to travel abroad

This is historically the means that all countries use to prevent “brain drain”. It is nothing new and not unexpected.

The USA is notorious for poaching everyone they can, especially from poor countries that fund the education of their MDs RNs PhD Techies EEE and any other advanced degree en vogue. We grabbed so many people from the UK for our space program the UK put a block on exit and the US probably had to boost the number of Lipton Tea bags in the break room.

In a technical way everyone has already lost the “right to travel”. You need passports, visas, authorizations, stamps, check-ins and exit documents. People, other than refugees, cannot just Go Here or There Or Everywhere without Papers-Please.

Of course refugees, by named-group, are Not Wanted. Not Here. Not In My Back Yard. It doesn’t matter what kind of degree or papers you had before. Only large sums of cash-value will get you in. About $150,000-$500,000 of good hard currency will do.

After a few wars, you’ll get the hang of it. It’s like a DoWhile or DoUntil loop.

Winter March 23, 2022 1:19 PM

@JonKnowsNothing
“You need passports, visas, authorizations, stamps, check-ins and exit documents.”

Some countries are better than others. An average EU or Canadian citizen can easily get a passport and they are (or were) quite universally welcomed. In my country, almost everyone already has a passport.

Clive Robinson March 23, 2022 1:36 PM

@ SpaceLifeForm, ALL,

What does it really, truly mean to be authenticated in a networked environment?

Currently the true meaning is that chill wind shrinking your nether regions and tightening your… as you realise yet again you’ve woken in the middle of a living nightmare and yet again you’ve been left there with your pants around your ankles…

Why? Because firstly Okta’s core business provision is “Single Sign On”(SSO) service for hundreds if not tens of thousands of cloud services. Not only can the probability that way more than 2.5% of Okta’s customers’ credentials have been leaked to unknown parties, be assumed. But far worse that near three month delay in announcement has been because the attackers have been busy busy busy. So the possibility they have gained access to tens if not hundreds of elevated privilege accounts on many cloud services can not be discounted…

Maybe not another SolarWinds in magnitude, but certainly enough for people to start waking up to the fact that those SSO services are actually not that useful whilst also being a major security risk (twice over, ie once because of the SSO for each individual, but second because of the very large collection of accounts that are made “Open Sesame”).

Since the mid 1990’s when SSO and “Directory Enabled Networks”(DENs) became a much talked about user model in academic environments, I’ve seen so many security holes in them that they actually managed to live down to my doom laden expectations…

Secondly as for cloud services I’ve been “anti” for very good and proper reasons for just as long… But to my shock they have proved to be worse than what I had predicted…

So much so at one point the “Monday morning question” at work would be “How has AWS failed over the weekend?”… Mind you Microsoft and others also lived down below any kind of security expectation for cloud operating a reasonable person might expect.

SpaceLifeForm March 23, 2022 3:26 PM

@ Clive, ALL

What does it really, truly mean to be authenticated in a networked environment?

LAPSUS$ is a Tsunami wake-up call.

They probably are not whom one may think.

Did they also get into LG and Samsung via Okta?

See the screenshots.

I love the Schrödinger employee of Microsoft that is simultaneously in USA and Germany. Twice the productivity!

hxtps://nitter.net/GossiTheDog/status/1506569465630269443

[429, wait, retry]

JonKnowsNothing March 23, 2022 3:56 PM

@Winter

In my country no one needs a passport provided they aren’t interested in traveling to your country.

Actually you need very little paper as long as you aren’t interested in driving a car, taking a train, flying, exiting the N or S border, voting, having a credit card, bank account, Hi-Tech phone, or applying for social security (1) or other aid. (2)

Less paper 🙂

Canada is interesting because there’s not too many directions you can go land-wise: the country is sealocked. It’s the opposite problem of landlocked countries.

===

1) For Social Security Retirement Benefits you do need a bank account, and US Bank Accounts require a permanent physical address. If you are one of the millions of US Citizens who are houseless, homeless or unsheltered, you are SOL no matter how much of the other paper you have.

2) Charity aid and Charity food and other “free services” may not require any paper or “proof you have no money”. Some are straight up: take it if you need it and others are take it if you have been Pre-Approved by a Social Agency. (3)

3) disclosure: I am currently in a bad fix with The Great State of Texas where my 99yo Mum lives. The Great State of Texas has decided that after her living in Texas for the last 40+ years or more, that she no longer qualifies as a Texas Resident.

To repair this error I am required to upload documents that are not in my possession but are in the possession of the people where she lives. Since I live on the other end of the country I cannot just drive over and get them.

To upload these documents requires a Special Texas App and even though the people around her COULD do so, they cannot DO so because her account is permanently locked to me; since the Texas Social Services Program removed secondary access and contacts.

Same old stuff as done in UK, AU, USA – anything to stop support because you don’t have the right number, the right paper, the right ID code, the right rights.

Some papers are more important than others but only when they are now required after 40-60 years of no requirement, you are 99yo and get $125USD per month food support… or did.

It doesn’t look good that this will get fixed anytime before she turns 100yo.

SpaceLifeForm March 23, 2022 4:25 PM

@ Winter, JonKnowsNothing

Re: Passports

No Brain Drain here.

hxtps://apnews.com/article/russia-ukraine-middle-east-miami-europe-paul-manafort-de557d1773a150fa975769d7216fa54f

Former Trump adviser Paul Manafort was removed from a plane at Miami International Airport before it took off for Dubai because he carried a revoked passport, officials said Wednesday.

Interesting that he was allowed to board the plane in the first place.

Dubai may be where Jeffrey is.

Maybe Clearview can get on this.

vas pup March 24, 2022 3:23 PM

North Korea fires suspected intercontinental ballistic missile
https://www.dw.com/en/north-korea-fires-suspected-intercontinental-ballistic-missile/a-61241800

“North Korea fired a suspected intercontinental ballistic missile (ICBM) Thursday, South Korean President Moon Jae-in said.

“It poses a serious threat to the Korean peninsula, the region and the international community,” Moon said in a statement, adding that it was a “clear violation” of UN Security Council resolutions.

Tests were a “breach of the suspension of intercontinental ballistic missile launches promised by Chairman Kim Jong Un to the international community,” Moon added.

Japanese authorities said the missile flew for about 71 minutes to an altitude of about 6,000 kilometers (3,728 miles) and to a range of 1,100 kilometers from its launch site.”

Where does N Korea get electronics for ICBM and other advanced weaponry, being under sanctions for many years? Just curious.

Clive Robinson March 24, 2022 5:58 PM

@ vas pup, ALL,

Where does N Korea get electronics for ICBM and other advanced weaponry, being under sanctions for many years?

What electronics?

The German V1 “cruise missile” predecessor and V2 “IRBM” predecessor did not use “electronics” they used at best “electro mechanical auto pilots and logs”.

Way too many people make assumptions about the level of “computing” used to get to the moon and back. The chances are the “white goods” in the average middle class First World kitchen have more computing power, the “home electronics” in the sitting/living room definitely have more.

Heck I’ve got a couple of –now– $2 “System on a Chip”(SoC) microcontrollers that have more computing power, RAM, Storage, and peripherals than the early high end Vax Mini-computers sitting in the junk bits box under my work-bench. It actually does not take that much effort to put an early version of Unix on them.

But they are in the junk bits box for a reason… You can now get $4-10 “Single Board Computers”(SBC) from the likes of the Raspberry Pi foundation that run fairly modern versions of Linux and are a lot more powerful than Pentiums.

Nobody checks who buys these SBC’s or where they get sent to; putting a couple of hundred of them in a “Diplomatic Pouch” would be trivial to do, and perfectly within international treaty obligations.

Then there is all those nice “drone sensors” China makes by the shipping container load; I’d be very surprised if North Korea could not get a thousand or so of those without anybody noticing…

But you could ask the same question about Russia, some of the stuff littering the Ukraine up contains some fairly advanced electronics, the more advanced electronic components of which were very probably not made in Russia.

The sort of electronics that neither China or North Korea are getting their hands on easily are those made in advanced FAB plants in Taiwan…

The same fab plants the US is desperate to get moved to the US and thus under US control. Something the Taiwanese are not at all keen on for obvious reasons[1] and are where a lot of the industry’s leading edge silicon chips are manufactured.

We’ve been talking about SBOMs over the past couple of days, how do you think the Hardware “Bill Of Materials”(BOM) lines up on US weapons systems and parts made around the South China Sea?

Knowing that in more depth might make you more than a little uncomfortable…

[1] Let’s put it this way, as long as those fab plants stay in Taiwan the US has reason to help defend Taiwan against China. If the fab plants get moved to the US then the US does not have the same incentive to protect Taiwan against Chinese aggression / invasion.

witefite_seven_seven March 25, 2022 10:07 PM

I have a theoretical question for those that might have some insight.

Assume for a moment that something caught your eye, or something was just slightly off relative to your normal everyday baseline of life.

Maybe you thought for a split second someone was following you, or the random person you just passed on the street made a snide comment somehow relating to a private conversation you just had.

Eventually over time you realize that all of these “strange” anomalies are something more. Let’s say you have the technical capacity to counter-surveil yourself and discover you are 100% compromised. Phone, Computer, TV, Cameras, online accounts, GPS on your car, psychologically profiled, every single thing you do is being closely watched by a team of people 24/7. Microphones, cameras in infrared, nightvision and thermal all closely watching. The new neighbor that just moved in to the adjacent apartment, the constant high frequency noise you now hear 24/7.

You might first ask yourself, do you need some psychological help? After you are able to validate what is happening, you might ask yourself what did you do to deserve such expensive attention? If you are one of the very unfortunate few that genuinely doesn’t know, but are being actively targeted by a sophisticated team, what would you do?

Journalist, whistleblower, or perhaps a powerful person that “thinks” you are some sort of threat. When you realize you are totally compromised and it’s too late to take precautionary steps. What do you do? Especially if you have been blacklisted from employment and bled dry financially? How does one “break” the kill chain? What are the best actions to take?

ResearcherZero March 28, 2022 12:00 AM

@witefite_seven_seven

First identify the threat. Is it the GRU for example? Are they a permanent resident, where is their base of operations? Compile some evidence, and report the threat. On U.S. soil you are probably a little safer as they run somewhat competent investigations and take these things seriously. Outside of the U.S., if it is the GRU, well you would not like my solution, and probably the police wouldn’t either.
