US prepares cyber defences as threat of Russian attacks grows

8 Mar 2022

Image: © Przemek Klos/Stock.adobe.com

Critical infrastructure sectors in the US are getting help from security companies, while Google identifies more cyber threats amid the invasion of Ukraine.

Three cybersecurity companies have joined hands to offer many of their products and services to US critical infrastructure organisations for free, as anticipation of cyberattacks from Russia grows.

Cloudflare, CrowdStrike and Ping Identity, all publicly listed US companies that offer software in the security space, announced the Critical Infrastructure Defense Project yesterday (7 March) to help US hospitals and water and energy utilities bolster their cyber defences.

While focusing on these industries, identified as “particularly vulnerable”, the project will also help businesses in any industry with a roadmap for taking measures that can protect them from Russian cyberattacks.

Matthew Prince, co-founder and CEO of Cloudflare, said that at a time of “heightened security risk” it is “more important than ever” for the security industry to step in and help prepare those dealing with critical infrastructure.

The companies are focusing on a ‘zero trust’ approach in which no device or individual, whether internal or external, is exempt from security protocols and verification before entering a network.

Prince said the three companies will “offer a broad suite of our products for free for at least the next four months” to any US hospital or water and energy utility. The project has been launched in collaboration with various public sector bodies.

This move comes amid a broader response from multinational tech companies to Russia’s invasion of Ukraine, from Big Tech and social media to streaming, payment services and the gaming industry.

Growing threat from Russia

Google’s Threat Analysis Group (TAG), which monitors government-backed cybersecurity threats, has revealed details of new threats to Ukraine over the past two weeks “largely emanating from Russia”. These include campaigns from well-known threat actors such as FancyBear and Ghostwriter.

TAG said that FancyBear, a Russia-linked group, has conducted “several large credential phishing campaigns” targeting users of UkrNet, a Ukrainian media company.

Meanwhile, Belarus-based Ghostwriter has also been conducting phishing campaigns over the past week against Polish and Ukrainian government and military organisations. Last week, the state-sponsored actor was reported to be targeting European officials trying to manage refugees fleeing Ukraine.

Mustang Panda, also known as Temp.Hex, is a Chinese group that has been targeting European entities by sending malware files that claim to contain details of the situation at EU borders with Ukraine.

Google said that the targeting of European organisations is unusual for Mustang Panda, which is known to focus much of its cyberattacks in the south-east Asia region. TAG said it has alerted relevant authorities of the findings and taken measures to mitigate threats from all three actors.

In response, Google has also expanded eligibility for Project Shield, which offers free protection against distributed denial-of-service (DDoS) attacks, so that Ukrainian government websites and embassies, as well as those of other countries helping, can stay online and protect themselves.

While Ukraine has borne the brunt of cyberattacks from Russia, the US hasn’t been spared from its share of threats.

Bloomberg reported yesterday that more than 100 employees of almost two dozen natural gas companies in the US were found to have been hacked by Russian actors in mid-February and just before Russia began its invasion of Ukraine.

Targeted companies include Chevron, Cheniere Energy and Kinder Morgan, according to a discovery made by US security company Resecurity. The cyberattacks focused on companies that supplied and exported liquefied natural gas, an increasingly critical sector in the energy industry.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com