A recent report from Microsoft details extensive Russian cyberattacks in Ukraine during the first months of the conflict. These cyber breaches dovetail with Russian military attacks, thus cementing the theory that Russian cyber criminals are supported by their government. (Source: "Microsoft discloses onslaught of Russian cyberattacks on Ukraine" by Raphael Satter, Christopher Bing and James Pearson from Reuters.)

Microsoft estimates the digital onslaught began in February 2021 – a full year before the war began. Russian hackers laid the groundwork for future military missions. For 12 months, these bad actors were silent. However, Microsoft observed 37 Russian destructive cyberattacks inside Ukraine between February 23 and April 8, 2022.

Modern Warfare

Microsoft asserts Russian hacking and military operations worked in “tandem against a shared target set.” Several examples are provided in the article. On March 1, 2022, a Russian missile was fired at Kyiv’s TV tower while Kyiv media companies were hit hard by crippling cyberattacks. Microsoft also found Russian cyber criminals lurking on Ukrainian critical infrastructure in Sumy, two weeks before widespread electricity shortages occurred in the area on March 3.

A top Ukrainian cybersecurity official noted that he is monitoring Russian cyberattacks on local telecom companies and energy grid operators.

Pipedream – A New Cyberweapon

The U.S. government recently exposed a cyberweapon, known as Pipedream, which is designed to damage industrial control systems. Critical infrastructure owners around the world should take notice.

The destructive malware uses components designed to take control of the functioning of devices, including programmable logic controllers (PLCs) that are sold by Schneider Electric and OMRON for industrial environments. This malware also targets Open Platform Communications Unified Architecture (OPC UA) servers, which are the computers that communicate with the PLCs.

Officials are not sure of Pipedream’s origin, but its potential to bring down energy companies is alarming. Pipedream takes advantage of vulnerabilities hiding in common third-party software embedded in OT devices sold by hundreds of different vendors.

What Should Energy Companies Do?

To defend against Pipedream, utilities need to know the source of software and firmware used in their OT systems. Companies must identify in real time not only who they buy software from but also which third- and fourth-party developers have software embedded inside the products they use.

Remember Recovery

Unfortunately, no one is immune from these ongoing and dangerous threats. Companies must prepare and do what they can to stay out of harm’s way. However, any entity that relies on the internet is a potential target.

Don’t forget that recovery is an important part of an organization’s overall ransomware strategy. Recovery Point can help you create a solid DR plan that includes air-gapping and/or immutable storage. We can help you design a clean room environment. Should you be targeted by bad actors, you will have a clean backup to work with to get your business back up and running.

Don’t delay – failing to plan is planning to fail – call 877-445-4333 to speak with a Recovery Point expert and learn more.
