It seems that Nobelium, the wonderful Russian government-sponsored attacker group that brought you SolarWinds, hasn’t been deterred by President Biden’s threats – or mollified by his entreaties – to Vladimir Putin. Microsoft reports they’re now conducting a large-scale campaign to infiltrate cloud service providers and IT services organizations, and they’ve already had some success at it.
Of course, they’re not primarily interested in those organizations themselves, but their customers. As we all have known for a while, Russia long ago gave up on the idea of attacking targets like critical infrastructure and government agencies using full-on frontal attacks. They know that the organizations they’re most interested in attacking have all figured out what they need to do to keep themselves safe from those attacks.
But what we haven’t figured out yet – and I’m not sure we’re learning too quickly, either – is how to protect ourselves against supply chain attacks. There are so many possible vectors for those attacks, and the average organization has so many suppliers that they trust in lots of ways, that it will be a long time, if ever, before we’re as protected against supply chain attacks as we now are from frontal attacks (the only other cyberattack category that’s increasing recently is phishing, which is the main vector for ransomware attacks. But Kaseya showed that it’s possible to realize huge efficiency gains in ransomware attacks by running them through the supply chain as well. The single penetration of Kaseya led to at least 1500 organizations being compromised. Talk about ROI!).
But I’m not writing this post just to marvel at how clever the Russians are. I’m really writing it to wonder how long we’re going to wait before we hit the Russians with some really strong sanctions for their various acts of piracy. And here, I’m not just talking about recent cyberattacks. I’m talking about shooting down a civilian airliner in 2014 and causing $10 billion worth of damage with the NotPetya cyberattack in 2017 (which was a supply chain attack on Ukraine that ended up getting a little out of hand. You know how those things go…).
The Russians haven’t paid a dime of restitution for either of those attacks. Let’s start with them. And if that doesn’t deter the Russians, we can look at retaliation for SolarWinds and many more recent attacks (including the fact that, according to the FBI and CIA’s Worldwide Threat Assessment in 2019, the Russians have penetrated the US grid – and this obviously means Control Centers – and could cause outages at any time. This charge has never even been investigated, by the way. It seems that investigating Russia wasn’t a good career move in Washington in 2019 and 2020. The question is whether that’s still the case in 202).
Let’s start with the airliner. There’s no question the Russians were behind that, even though it was one of their proxies that pulled the trigger. Let’s do what we should have done then: ban Russian planes from all international airspace until they pay, say, $5 million to the family of each of the 293 passengers and 15 crew members who were killed, and until they’ve paid the full costs of the Malaysian and Dutch governments for property damage, and especially the costs of investigating the crash.
Then we’ll start with the other attacks. By the time they’ve paid for those as well (and suffered other sanctions like ending Russian bond sales in the US), maybe Uncle Vlad will be a little more cautious about his attacks in the future.
As they say, tragedy repeated is farce.
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. Nor are they shared by the CISA’s Software Component Transparency Initiative, for which I volunteer as co-leader of the Energy SBOM Proof of Concept. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.