Multi-Nation Cyber Alert: Beware Russian State and Criminal DDoS Threat to Critical Infrastructure

On April 20, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory “to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.” The advisory continued, “Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks…”

The alert noted that past attacks were most likely carried out either by Russian agencies, including the Russian Federal Security Service, the Ministry of Defense and the Center for Special Technologies, or by pro-Russia cybercrime groups. Future cyberattacks would likely also come from these sources. One pro-Russia cybercrime group is Killnet, which claimed credit for the DDoS attack against Bradley International Airport in Connecticut because the threat actors saw the airport as supporting Ukraine in the current war. Earlier in 2022, cybercriminals also carried out DDoS attacks against Ukrainian defense and banking organizations.

What’s Considered Critical Infrastructure?

The UK defines 13 areas of critical national infrastructure which are particularly vulnerable to cyberattack: Chemicals, Civil Nuclear, Communications, Defence, Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport and Water. Yet many other organizations also count as important infrastructure. Key elements of a national food supply chain could be considered vital infrastructure. For example, on the same day as the Cyber Awareness Alert, the FBI Cyber Division also issued a notification, “Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons.” In the past few months, six large grain cooperatives have been victimized by cyberattacks; such attacks can impact the food supply chain for both humans and livestock. Fortunately, because food supply chains are broadly distributed and multi-faceted, the impact would most likely be less immediate and less noticeable than that of a cyberattack on an airport or an energy utility grid.

Advice: Update Your Cyber Incident Plans

The national cybersecurity agencies give clear advice to all organizations in the public and private sectors:

  • Create, maintain, and exercise a cyber incident response and continuity of operations plan;
  • Keep hard copies of the incident response plan to ensure responders and network defenders can access the plan if the network has been shut down by ransomware, DDoS, or other forms of attack;
  • Make sure that the plan contains ransomware and DDoS-specific annexes. For information on preparing for Distributed Denial of Service (DDoS) attacks, see the NCSC-UK guidance.

Given the increased threat of DDoS attacks on critical infrastructure, organizations should engage with a DDoS protection vendor, or at least with their service providers and hosting providers, to ensure that they have always-on, automated, real-time DDoS protection in place.

For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments.