The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month.
"It's part of Russia's playbook," U.S. President Joe Biden said in a statement, citing "evolving intelligence that the Russian Government is exploring options."
The development comes as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned of "possible threats" to U.S. and international satellite communication (SATCOM) networks in the wake of a cyber attack targeting Viasat KA-SAT network, used extensively by the Ukrainian military, roughly around the time when Russian armed forces invaded Ukraine on February 24.
"Successful intrusions into SATCOM networks could create risk in SATCOM network providers' customer environments," the agencies said.
To strengthen cybersecurity defenses against malicious cyber activity, the government is recommending organizations to mandate the use of multi-factor authentication, ensure that systems are up-to-date and patched against all known vulnerabilities, encrypt data at rest, and maintain offline backups.
"Build security into your products from the ground up — 'bake it in, don't bolt it on' — to protect both your intellectual property and your customers' privacy," the U.S. government noted, while also urging companies to scrutinize the provenance of software components, open-source or otherwise, to watch out for supply chain threats.
CERT-UA Sounds the Alarm
The warnings about spillover incidents follow a barrage of cyber attacks that have struck both Ukraine and Russia over the past few weeks (although they have been quite muted compared to the contrary). Russia, for its part, has urged domestic firms to turn off automatic software updates and switch to Russian DNS servers.
Last week, Ukraine's Computer Emergency Response Team (CERT-UA) also notified of new spear-phishing campaigns targeting state entities with the goal of deploying a backdoor called LoadEdge. The agency attributed the attacks to InvisiMole, a hacking crew with suspected ties to the Russia-based nation state group Gamaredon.
Separately, the CERT-UA alerted that information systems of Ukrainian enterprises are being compromised by C#-based wiper program called DoubleZero that's engineered to overwrite all non-system files and render the machines inoperable.
Spam campaigns piggybacking on the war in Ukraine have also materialized in other ways, some of which leverage charity-themed lures in an attempt to steal money and compromise victims' devices from across the world, once again indicating that cybercrooks are adept at tailoring their schemes for maximum impact.
"86% of the fraudulent messages were sent from IP addresses in Lithuania, ending up in inboxes in South Korea (40%), Czech Republic (16%), Germany (7%), the US and UK (5% each), India (4%), Romania, and Italy (2% each)," cybersecurity firm Bitdefender said.
What's more, the emerging trend of using "protestware" to poison widely-used open-source libraries as a way of condemning the war has led to fears that it could risk damaging critical systems and undermine confidence in the security of the software supply chain and the open-source ecosystem.
As a consequence, Russian state-owned bank Sberbank has advised users to temporarily abandon software updates, in addition to calling on "developers to increase control over the use of external source code [and] conduct a manual or automated check, including viewing the text of the source code," according to state news service TASS.
Conti Version 3 Leaks
That's not all. The Russian invasion of Ukraine has also manifested in the form of crowdsourced hacktivist efforts to participate in a variety of digital actions against Russia, primarily leaning on DDoS attacks and publishing troves of sensitive corporate information.
Foremost in the list is an anonymous Ukrainian security researcher dubbed @ContiLeaks, who leaked the source code of the Russia-based Conti ransomware, including the more recent "version 3," as well as nearly 170,000 internal chat conversations between the gang members earlier this month, after the group sided with Russia.
In related news, Moscow's Tverskoy district court outlawed Meta-owned social media platforms Facebook and Instagram for engaging in "extremist activities," banning the company from doing business in the country with immediate effect. The ruling follows a temporary decision on part of Meta allowing users in Eastern Europe to post content calling for violence against Russian soldiers.