Recent Russian Cyber Attacks and How to Defend Your Business from Cybersecurity Threats

A Brief Explanation of the Russian Cyber Attacks

On March 15, 2018, a Technical Alert (TA) was released jointly by the Department of Homeland Security (DHS) and the FBI which implicated Russian government cyber actors in the targeting of numerous US, Canadian, and European targets. The cyberattacks used a variety of infection vectors, including malicious emails, watering hole attacks, and Trojanized software. The Russian hackers are targeting trusted third-party providers (known as “staging targets”) who have less secure networks than their ultimate intended enterprise business and government targets. From these vulnerable entry points, they can gain access to the much more secure infrastructure targets.

About This TA—In Layman’s Terms

This TA was mostly a confirmation of commonly held knowledge in the cybersecurity professional community. The hacking group, known as Dragonfly or Energetic Bear, has been in operation since at least 2011. Initially, they were targeting defense and aviation companies in the US and Canada. By early 2013, they had pivoted to focus mainly on US and European energy firms. They went quiet for a few years after Symantec released a report detailing their actions in 2014. They later reemerged sometime in March 2016 and began targeting government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. The hackers were able to gain access to and control of much of the US’s critical infrastructure.

Establishing an SMB and Large Enterprise Cybersecurity Defense Strategy

Increasingly, companies are realizing that, regardless of how secure their own IT infrastructure is, they are only as secure as their least defended downstream provider. The revealed actions of Dragonfly are just further proof (as if any more were needed) that all small, medium-sized, and large enterprise businesses need to be concerned with assessing their security risk and compliance. Lack of cybersecurity due diligence could put valuable contracts at risk.

For cybersecurity to be effective, companies must evaluate the information security posture of their third-party vendors. As of this year, performing these cybersecurity risk assessments is a requirement for getting or maintaining a government contract. While this is a positive step in cybersecurity, manually evaluating every third-party vendor can be an incredibly expensive and time-consuming process. Thankfully, there’s an easier way. SecurityGate.io has designed a cybersecurity risk and compliance management platform which automates the cyber risk assessment and remediation process. Companies can track their various suppliers’ and assets’ cybersecurity compliance through a centralized dashboard, allowing them to compare suppliers and focus on the most pressing cybersecurity issues first. Contact us to schedule a demonstration.

References:

https://www.us-cert.gov/ncas/alerts/TA18-074A

https://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat-energetic-bear

https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks

Brent Gage

After beginning his career as a roustabout on an offshore drilling rig, Brent is now a cybersecurity specialist at SecurityGate.io who performs client consultation and assessments while maintaining and monitoring the platform’s hosting infrastructure.
