Cyberattacks from Russia and the Targeting of US Businesses

By Daniel Hoffman

Daniel Hoffman is a former senior officer with the Central Intelligence Agency, where he served as a three-time station chief and a senior executive Clandestine Services officer. Hoffman also led large-scale HUMINT (human intelligence gathering) and technical programs and his assignments included tours of duty in the former Soviet Union, Europe, and war zones in the Middle East and South Asia. Hoffman also served as director of the CIA Middle East and North Africa Division. He is currently a national security analyst with Fox News.

By Shawnee Delaney

Shawnee Delaney was a clandestine officer and former Detachment Chief for the Defense Intelligence Agency and IT Specialist for the Department of Homeland Security for 10 years. She is a subject matter expert on insider threat and is the CEO of Vaillance Group.

This column first appeared in FOX News Opinion on FoxNews.com.

OPINION — For Russia today, past is prologue.

The KGB was the vanguard of the Soviet Union. The Cold War was all about cloak-and-dagger espionage. Russian president Vladimir Putin served in the KGB and later as Director of Russia’s ruthless FSB security police. It should therefore come as no surprise that he is directing full-throttle attacks on the U.S. in the unregulated, wide-open, man-made domain of cyberspace, which has become the backbone infrastructure of 21st-century commerce and free expression.

The Kremlin allows criminal cyber hacking groups like DarkSide and REvil to homestead on its territory.

In April 2021, DarkSide launched a cyberattack on Colonial Pipeline, the largest fuel pipeline in the U.S., which was forced to shut down its network for days. DarkSide hacked into the network using a compromised password, encrypted files to deny Colonial Pipeline administrators access, and extorted the company with a five-million-dollar bitcoin ransom payment to restore service.

REvil conducted a destructive cyberattack in May 2021 against JBS, the world’s largest meat processing company. REvil struck again in July with a supply chain ransomware attack on Kaseya, which led to the compromise of over 1,000 companies.

Most recently, Russian intelligence, well known for hacking U.S. social media, the Democratic National Committee, and Secretary Clinton’s email server, penetrated SolarWinds’ operating systems and spread malware into its “Orion” security software, through which Russia gained a backdoor into the information technology systems of SolarWinds’ 30,000 customers, including major Fortune 500 companies. The Kremlin stole protected information from a panoply of private sector and U.S. government agencies.

During the Cold War, CIA officers devised a set of “Moscow Rules”, which referred to the sophisticated tradecraft they used behind enemy lines to conduct espionage against the Soviet evil empire.

Key to the Cold War Moscow Rules was seeing the world through the eyes of the enemy. In today’s world, that means understanding the strategy and tactics of the threat actors. The goal of today’s New Moscow Rules is to mitigate risk while still enjoying all the commercial and other benefits of working and living in cyberspace.

First rule: Know the opposition and their terrain intimately. Just like the intelligence officers who ran surveillance detection routes in Moscow to determine whether they had a KGB tail, the best time to spot hackers and other malicious actors is when they are in the pre-attack surveillance phase. Cyberattacks do not occur from a cold start; they have pre-planning and signatures. Proactively plugging into the networks and chat rooms where attacks are being planned, as well as using cognitive computing to sift through big data, enables collection on the enemy’s attack plans.

Rallying security, human resources, managers, and IT stakeholders to ensure that as much vulnerability and threat data as possible is collected and shared produces the most effective countermeasures. Employees should have a secure channel for reporting social engineering and technical attacks.

Second rule: Do not rely exclusively on technology. Enterprises should harden their defenses by reducing the vulnerable attack surface with secure routers and servers; firewalls and well-engineered web code; rigorous application of both patching and backup protocols; and data encryption.

But humans, aka “the skin behind the keyboard,” beat technology every time. Even with every technical tool available, enterprises that do not train their workforce on cyber-hygiene best practices will remain vulnerable to attacks.

Enterprises should have a robust and transparent insider threat program to deal with cyber threats from both unwitting employees, who require training to counter hackers, and malicious employees with ill intent.

Third rule: Always assume you are compromised (which means you have already been hacked). Enterprises should have a business continuity strategy and a data recovery plan, including the ability to function offline in the event of a catastrophic insider or external ransomware attack. These types of attacks require proactive planning.

Russia is by no means the only state actor ruthlessly attacking the U.S. in cyberspace. But the Kremlin’s ubiquitous hacking operations do rely on the most sophisticated and treacherous tradecraft.

Effective cybersecurity means recognizing when your behavior makes you vulnerable to attack and hardening all of your cyber defenses accordingly. Adopting the New Moscow Rules as best practice is meant to defend not only against Russia but also against adversaries like China, Iran, and North Korea, not to mention corporate competitors and criminal groups.
