Russia ‘Plans’ HUGE Cyberattack on Critical Infrastructure

The Ukrainian government has warned that Russia is planning a massive attack against critical infrastructure. And not just that of Ukraine, but also of its allies.

The attacks will probably come in the form of hacks and DDoS against Industrial Control Systems (ICS). Hopefully it’s not just a wolf-crying exercise by Volodymyr Oleksandrovych Zelenskyy (pictured).

“Glory to Ukraine,” the mural says. In today’s SB Blogwatch, we paint the town blue and yellow.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: שנה טובה.

Слава Україні — Героям Слава

What’s the craic? AJ Vicens reports—“Ukraine warns of ‘massive cyberattacks’ coming from Russia”:

Russia has lost ground
The Russian government is planning “massive cyberattacks” against Ukrainian critical infrastructure facilities to “increase the effect of missile strikes on electrical supply facilities.” [They] are also planning to “increase the intensity of the DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic states,” … the Ukrainian government said.

Multiple European countries have dealt with DDoS attacks from what they’ve said are Russian or pro-Russian groups, including Norway, Romania, Italy and others. [The] warning comes days after Russian President Vladimir Putin announced a call-up of … military reservists and issued a veiled threat of using nuclear weapons as Russia has lost ground in the eastern and southern parts of Ukraine over the course of the last several weeks.

And? And Dan Goodin adds—“Russia plans ‘massive cyberattacks’”:

Ukrainian forces recaptured vast swaths of territory
The mobilization … which was the first time since World War II that Russia has done so, has prompted protests and a diaspora of mostly male Russians fleeing the country. A pivot to increased reliance on hacking by the country’s military could be seen as a way to achieve objectives without further straining the ongoing personnel shortage.

[The] advisory comes two weeks after Ukrainian forces recaptured vast swaths of territory in Kharkiv and other cities. [It] alluded to two cyberattacks the Russian government carried out—first in 2015 and then almost exactly one year later—that deliberately left Ukrainians without power during one of the coldest months of the year. The attacks were seen as a proof-of-concept.

Doesn’t this have something to do with Black Hat? Jessica Lyons Hardcastle reminds us—asking, “Will those be before or after the nuke strikes Putin keeps banging on about?”:

Be ready for attacks
These earlier attacks, attributed to Russia’s GRU cybergoons, used BlackEnergy (2015) and Industroyer (2016) malware to disrupt Ukrainian power supplies and industrial output. Last month, in a surprise visit to Black Hat, Ukraine’s lead cybersecurity official Victor Zhora said his country’s threat intelligence team uncovered “Industroyer2,” an apparent successor.

Putin has also threatened to use nuclear weapons amid the Russian military setbacks, though cyberattacks may be the safer option for the Kremlin. … Repeated alerts from CISA and other Five Eyes nations’ cybersecurity agencies [have urged] critical infrastructure owners and operators to be ready for attacks by crews backed by – or sympathetic to – Moscow.

But how? Surely Ukraine’s utility ICSs aren’t connected to the internet? Yes and no, says quantaman:

The tough part is getting into the parts of the network that matter. The Colonial Pipeline attack never actually affected pump operations; it just prevented them from billing. I doubt a Ukrainian utility would do the same during a war, but their operations might not be as isolated from the Internet.

There might be a VPN that gives certain groups remote access to critical systems (and thus the Russians if they exploit those groups) or a misconfiguration that gives an attacker in the corporate network more access than they realize.

But Statistical doesn’t buy it:

The war was going to be over in days—I mean weeks—I mean months. If you could take down the grid and the war won by summer at the latest why not use it to bring the inevitable victory that much quicker and at lower cost?

I am in the camp of if they could have, they would have. They crippled satellite terminals in Ukraine (and by collateral damage most of Europe) in the opening hours of the war.

Perhaps this is simply Ukrainian propaganda? Zelenskyy’s latest attempt to wring some more materiel out of NATO? alain williams would prefer you to be less of a useful idiot:

[If] you live in Europe … you will have grown up in a peaceful environment, [which] will have led you to question why there was so much spending by our governments on defence. … Putin has shown us why this spending is needed and has been a wake up call for many (me included) to now understand that peace cannot be assumed: You need to be ready.

Spending on your local fire station is a complete waste of cash—until a house catches fire. [And] the only thing that a bully understands is someone who is stronger than them.

Look behind the headlines. bradley13 feels the hand of history:

The world happily let Russia attack Chechnya 20 years ago. Then Georgia about 15 years ago. Then Crimea (also Ukraine) about 5 years ago. [But] the biggest surprise of the current conflict: Suddenly, Russia wasn’t allowed to just get away with it. … This is entirely due to Ukraine’s public relations efforts, led by their new and highly charismatic president. His actions stiffened resistance in Ukraine, and galvanized the international community.

Whoever in Ukraine is in charge of keeping the war in the headlines, is doing an amazing job. Normally, whatever crisis the world is having fades into background noise after a few weeks. Ukraine is still all over the headlines, all over the world, and those headlines are almost always pro-Ukraine and anti-Russia. Compare this to the other side: Russia mostly manages to make itself look foolish or desperate.

Soldiers, weapons and logistics are essential to warfare. However, public relations – at home and abroad – are also important for any conflict lasting more than a month or two. Anyone old enough to remember the Vietnam War … will understand.

Fight fire with fire? IncorrigibleTroll is incorrigible:

The best response would be for NATO hackers to brick the [Russian] MoD’s and Wagner’s payroll servers. If it drives a few orcs to shoot their CO, all to the good.

Meanwhile, CoderDevo imagines the scene in Moscow:

It’s Friday. Did you get C&C of that water plant yet? No? Off to the front lines with you!

And Finally:

Happy new year, to those who celebrate

Hat tip: SockCooker


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Gleb Albovsky (via Unsplash; leveled and cropped). In the original version of this story, I foolishly mistranslated the (Polish) words on the mural—I deeply regret the error.
