Between Russia’s invasion of Ukraine and ongoing cyberattacks, experts are warning about malicious cyber activity directed at the U.S., and some U.S. security pros spoke to Fox News about how to defend against technological assaults.
Russia is not likely to take President Biden’s new sanctions sitting down and has proven to be highly adept at cyber warfare, which has become part and parcel of active “kinetic” wars in the 21st century.
“I remain particularly concerned about the reports of cyber attacks…There’s historical precedent to suggest these could be devastating for individuals, businesses, and entire countries,” Warner said in another tweet.
Russia has already launched what appears to be a series of cyberattacks on targets in Ukraine. This past week, cyberattacks impacted the websites of several Ukrainian government agencies, including the Ministry of Defense, according to Ukrainian officials. This follows cyberattacks on Ukrainian government sites and banks that have been attributed to the Russian military spy agency GRU.
How to defend yourself from Russian cyber warfare ‘spillover’
As Sen. Warner suggested, cyberattacks don’t have borders. As a result, cyber spillover campaigns could reach the U.S.
“With the Ukraine conflict now front and center and poised to widen, we expect a surge of cybersecurity attacks from Russia state-sponsored organizations,” Dan Ives of Wedbush Securities, told Fox News in a written statement.
Here’s what to watch out for and how to defend yourself, according to cybersecurity experts that Fox News spoke with.
—Ransomware: The bane of InfoSec professionals, ransomware attacks lockout companies and individuals from critical data. Attackers then demand hefty payments. “Businesses across the U.S. should be bracing for a variety of cybersecurity attacks, including ransomware,” said John Dickson, vice president at Coalfire, a Westminster, Colorado-based provider of cybersecurity advisory services.
“Make sure that all critical and all internet-facing systems are fully patched to mitigate ransomware and data destruction,” Lou Steinberg, cyber expert and founder of CTM Insights, told Fox News. “Use multi-factor authentication to log in to critical systems … and to prevent unauthorized changes (like turning off the power or opening a valve on a dam),” Steinberg said.
—Denial of service attacks: Denial of Service, which renders critical computer services unavailable, and ransomware attacks are often “outsourced,” according to Steinberg. “Rather than the government directly performing them, they tend to be done by groups who believe they are being patriots by defending Russia’s interests. It’s in [that] government’s interest to enable this as it gives them deniability. You can’t trace an attack back to the Kremlin,” Steinberg explained.
These outsourced actors “may be less capable” so companies can protect themselves if they take prudent cybersecurity measures, according to Steinberg.
—Social engineering campaigns: These attacks manipulate human behavior and “piggyback off of the news cycle,” said Hank Schless, senior manager, security solutions, at Lookout, a San Francisco, Calif.-based endpoint-to-cloud security company.
“Be especially vigilant about where you’re sharing data, who has access to it, and the identity of anyone with whom you have interactions online,” Schless said.
—Passwords: Consumers should always use multi-factor authentication and avoid reusing the same password across accounts/services, Alex Ondrick, director of security operations at BreachQuest, an Augusta, Georgia-based incident response company, told Fox News.
Ondrick said consumers can use sites like haveibeenpwned to see if they’ve been impacted by a security breach. “Regularly rotate passwords, especially on email/social media accounts, and for Wi-Fi and home router(s),” Ondrick said.
—Banking apps: “Consumers should be on the lookout for phishing and malware attacks, especially when accessing banking apps,” Dan Ives of Wedbush Securities said. Consumers should use antivirus products as well as software that protects their identities, Ives added.
—Software updates: For individuals, it is important to follow cybersecurity best practices. That includes “installing recommended software and app updates, backing up their data and exercising caution when clicking links in emails, social media posts, and online articles,” Jonathan K. Osborne, a business litigation attorney at the Florida-based Gunster law firm, told Fox News.
—FBI: The FBI has a Cyber Threat website with tips and preventative measures on everything from email compromise to phishing and ransomware.