Saturday, 20 April 2024

Founder of US-CERT reacts to Russia cyberattack on US

Amit Yoran, founding director of US-CERT and currently CEO of Tenable, has called the alert unprecedented and a wake-up call for the industry at large:

"The fact that the DHS and the FBI have attributed attempts to attack and compromise critical US infrastructure to Russia is unprecedented and extraordinary. From my time as the founding director of the United States Computer Emergency Readiness Team (US-CERT) in the Department of Homeland Security, I have never seen anything like this. It's a wake-up call for the industry and a reminder that we are still not doing the basics well and that our defence needs to constantly evolve and adapt." -- Amit Yoran, CEO, Tenable.



Nozomi Networks President and CEO Edgard Capdevielle says: "Today the US-CERT issued an alert that confirms and provides advice for protection against Russian government “threat actors” targeting energy and other critical infrastructure sectors in the United States. According to the alert, since at least March 2016, Russian government threat actors targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

"The Department of Homeland Security and the FBI characterize this activity as a multi-stage cyber intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

"Over the last year, our industry has seen a significant rise in the number of cyberattacks in the energy space and other critical national infrastructures. In the past, we’ve only been able to speculate on who the actors are or what their motives may be. In this case, DHS has confirmed the actor and the intent to compromise industrial networks. Cyberthreats to our nation’s critical infrastructure are real and must be addressed.

"This alert reminds us that our nation’s energy and critical infrastructure is only as strong as our weakest links, as these threat actors targeted third party suppliers to gain access to their intended targets. In addition, the entry point centered on spearphishing to gain entry to these third parties, taking advantage of the human nature to trust by sending legitimate-looking emails with resumes and CVs to companies at a time when there’s a skills shortage in ICS talent.

"This alert makes it even more imperative for industrial operators to focus on their cyber resiliency measures. Real-time monitoring of ICS systems for anomalous behavior that provides early warning of activities indicating the presence of an advanced attack is vital to understanding what is happening, the impact and how to mitigate the threat. Such activity could include unusual network connections, unusual communication messages, new or unusual commands from new sources, or new network flows. Furthermore, the presence of known indicators of compromise should be immediately identified by ICS monitoring solutions, giving operators a clear warning to take action on malware in their systems."
