Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
United States Security

US Firms Brace for Potential Cyberattacks as Russia Threatens Critics (bloombergquint.com) 41

Posted by msmash from the shape-of-things-to-come dept.
A swath of major American businesses -- from major banks to utility companies -- is preparing for possible cyberattacks against their computer networks as Russia on Thursday threatened "consequences" for nations that interfere with its invasion of Ukraine. From a report: Their concerns, echoed in C-suites and around Washington, follow recent warnings from the Biden administration that U.S. firms should harden their defenses against potential cyberattacks that could disrupt the nation's critical infrastructure. American officials say there are no current threats against the U.S. But they have nonetheless urged organizations to plan for worst-case scenarios and more aggressively monitor their computer networks for possible intrusions.

"Right now, everybody needs to be at a heightened alert in the event this continues to escalate, and Russia tries to sway political opinion by causing damage in the United States and its Western allies," said David Kennedy, the chief executive officer of security firm TrustedSec. He said companies should be going through their computer infrastructure "with a fine-tooth comb" to ensure previous intrusions can't be used to cause future, more damaging, attacks. Major U.S. banks, for instance, fear aggressive cyberattacks if Washington imposes deeper financial sanctions on Russia, said two banking executives who spoke on condition of anonymity to discuss private conversations. CEOs of major financial firms and their cybersecurity experts recently met with Treasury officials as Russian threats of war intensified, according to the executives.
This discussion has been archived. No new comments can be posted.

US Firms Brace for Potential Cyberattacks as Russia Threatens Critics More

US Firms Brace for Potential Cyberattacks as Russia Threatens Critics

Comments Filter:

  • Russians understand and respect only one thing (Score:4, Interesting)

    by IWantMoreSpamPlease ( 571972 ) on Thursday February 24, 2022 @04:52PM (#62300453) Homepage Journal

    a raw display of power. Anything else is seen as a sign of weakness to be exploited. This has been my experience in my years of interacting and dealing with them.

    As the (current? ex? I don't recall) CIA director once said, "you have to give them a bloody nose." otherwise they will get back up again and try again and again.

    • Comment removed based on user account deletion

    • That is not true.

      There is a small Russian community in my area. One of my favorite restaurants is owned by a Russian family. They are wonderful, friendly people. The food is good. The music is lively. The vodka is wonderful.

      Do not equate the politics of Russia's government with actual Russians.

      • Re:Russians understand and respect only one thing (Score:5, Informative)

        by jwhyche ( 6192 ) on Thursday February 24, 2022 @06:12PM (#62300711) Homepage

        Do not equate the politics of Russia's government with actual Russians.

        There are actually protesters on the streets in Moscow protesting the invasion. So, yeah, not all the Russian people are behind it.

        • Quite a few. There have already been over 1400 arrests.

        • There are actually protesters on the streets in Moscow protesting the invasion. So, yeah, not all the Russian people are behind it.

          Given those protests are deemed illegal, it’s actually surprising it’s not more. Plenty of people have family on both sides neither of which is happy about what is happening.

        • Re: (Score:2)

          by trawg ( 308495 )

          I bet there are many more against it that are just too scared - with good reason - to join the protesters.

        • If you live in a western country you can protest (mostly) as you like, as long as you don't start burning\breaking buildings, cars, police ect. I am glad I'm not in russia.

          • Re: (Score:3)

            by jwhyche ( 6192 )

            Three members of the Russian parliament have denounced the war, and called for an end of it.

      • Do not equate the politics of Russia's government with actual Russians.

        My understanding is that's about the same for Iran vs. (most) Iranians.

      • Indeed the OP should have said (and probably meant) that Putin understands and respects only one thing. That's how I read it even though the phrasing was sloppy.

    • Re: (Score:2)

      by hey! ( 33014 )

      This kind of thinking always comes up in war: "the *only* thing they understand is..."

      Sometimes that thinking is right. When the other leader is testing your resolve, then you absolutely have to give him a bloody nose. But enemies aren't necessarily stupid; sometimes they have motivations which are opaque to us. Maybe even alien.

      There's been a lot of coverage of Russia's claims about Ukraine, which is pretty much worthless because we can take for granted those claims are at least self-serving, and in fac

  • There's monitoring networks for intrusions, then there's air-gapping [youtu.be].

  • Separate intra-nets (Score:5, Insightful)

    by Aighearach ( 97333 ) on Thursday February 24, 2022 @05:02PM (#62300469)

    China unplugged itself from the internet, time for the world to unplug Russia. They can continue on with their own network, no problem. Pull the plug. Let them hack over dial-up.

    Arrest Russian agents in foreign countries that originate attacks there. Unplug countries that refuse. This is a new Cold War, which is obvious to anybody who listens to Putin's morning rant.

    • China unplugged itself from the internet, time for the world to unplug Russia.

      That will not really help. They would just move the guys who run the attacks to outside Russia. Something like a DDOS might be controlled by somewhere is Russia but is carried out by a zillion machines elsewhere that have been owned. Other attacks can be run from anywhere.

      • Numerous malware applications contain hard-coded addresses to their command and control servers, many of which are hosted in Russia. While this wouldn't completely prevent cyberattacks, it could mitigate some of them. More importantly, cutting off Russia from the rest of the internet would cause a lot more discontent with the Russian people, many of whom already don't agree with the decision to invade Ukraine. If western countries aren't going to put boots on the ground and make Russian soldiers pay with

      • Re: (Score:2)

        by spitzak ( 4019 )

        The GP realized that, that is why they said "Arrest Russian agents in foreign countries that originate attacks there. Unplug countries that refuse"

    • China unplugged itself from the internet, time for the world to unplug Russia.

      Very bad idea. It's important to allow Russian citizens to have access to the Internet. They need to see the world's point of view on their government's actions. China doesn't want that, which is why they build the Great Firewall. Putin probably wants the same right now, but it's not something you can do overnight. Let's not help him.

      And it's not like anything we did to unplug Russia would do more than inconvenience the Russian cyberwarfare teams anyway.

    • China unplugged itself from the internet, time for the world to unplug Russia. They can continue on with their own network, no problem. Pull the plug. Let them hack over dial-up.

      That plan reminds me of the first frame of XKCD #538. [xkcd.com]

      Seriously, do you not understand how the world really works?

  • It's already happening. There has been a lot of infrastructure stability issues around Google, AWS, Heroku, Azure, Starlink and a lot more today so far. Visit Downdetector.com and it's a rotating parade of outages - more usual. There's always a lot of false positive reports on their site.

    • Re:Preparing? (Score:4, Insightful)

      by Brain-Fu ( 1274756 ) on Thursday February 24, 2022 @05:31PM (#62300559) Homepage Journal

      In the domain of cybersecurity, there shouldn't be such a thing as "heightened alert." Threats from organized crime, foreign governments, and independent bad-actors, are ever-present. "Heightened alert" should be no different than "business as usual," because the internet never sleeps.

      • Re: (Score:2)

        by khchung ( 462899 )

        In the domain of cybersecurity, there shouldn't be such a thing as "heightened alert."

        But, but but but, how can those C-suites be seen as "doing something" if they can't just say "Heightened alert!"? If their company got hacked they would be accused of "not prepared". Now they can say "we already had heightened alert, but hackers still got in! They are just too skilled! Not our fault!"

      • Imagine buying a burglar alarm that had a normal mode and a high security mode for those special occasions.

    • Re: (Score:3)

      by jwhyche ( 6192 )

      It's already happening.

      Indeed, it is. There are a few Russian sites that a tried are currently unavailable from my location. I had to get on the tor network to see if they where up.

  • "Saber rattling intensifies..."

    Honestly... who here actually thinks that the Russian hackers (or North Korean hackers, or Chinese hackers, or...) have bothered to hold themselves back in any way, shape or form, to date? Personally, I'm pretty convinced that if they can hack something, than they have already done so. No level of sanctions can change that, so nothing the US does is particularly likely to change Russia's cyber behavior.

    • What will change is what the bad guys do once in. Earlier, it used to be looking around and quietly sucking data out. Then it turned to ransomware, and threats to publish private data.

      The next level is using the existing holes to go and trash stuff. And this is not hard, once creds are obtained. Grab AWS creds, nuke the EC2 install, purge all the buckets, dump the CodeCommit repos, flush all users in IAM, then zap the root account. Do similar for all other cloud providers. As for the SAN, log on via S

  • Delist the CIDR blocks covering Russia's geographic area from all routers and switches on all the backbone networks around the globe. At least now they would be limited to hacking through a satellite link which has much less bandwidth and latency resulting in more time to catch them and block the incoming network.

    • All they need is Starlink, signed up through innocent looking accounts. They don't need bandwidth in the country - they just control resources around the world to carry out the attack.

      China isn't going to de-list Russia's IPs. So they have more than one way to jump out onto the net by way of proxies, VPNs, and so on.

      On another note, Starlink is having significant problems today according to reports.

      • It can be a temporary tool to thwart hack attacks. As far as Starlink goes, the geographic coverage of each satellite in the constellation is tracked. If we can use the source address of the attack we can geolocate the general area and create a Starlink blackout for that area. We have been wasting too much time with Cyber Attacks. Also Electric Grid operators world wide need to be aware that it's foolish to think that the grid is safe connected to the internet through a firewall and vpn. It's time to a

  • We hear all the time what the reported capabilities are, but I always wonder if those details are exaggerated or underestimated, or whether it is all just empty threats...

    So part of me is like, bring it, let's see what's what.

    At the very least we would find the holes they were exploiting and get them patched up.

    Until then we might be doing nothing more than tilting at windmills...

  • radioactive or nerve agent attacks?

Slashdot Top Deals

You know, the difference between this company and the Titanic is that the Titanic had paying customers.

Close