While the world has been focused on Russia’s invasion of Ukraine and the damage and human suffering it has caused, officials from several Western governments are concerned about possible Russian cyberattacks.
On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that organizations could see “increased malicious cyber activity” either from state-sponsored actors in Russia or cybercrime groups aligned with Russia.
“Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners,” the CISA said on its website.
The warning, which was issued jointly with cybersecurity authorities from the U.K., Australia, Canada and New Zealand, cited “evolving intelligence” that indicated Russia’s government could be weighing options for potential cyberattacks.
“We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure,” CISA Director Jen Easterly said in a statement.
The warning also noted that some cybercrime groups have recently publicly voiced support for Russia, and that those groups have threatened to conduct retaliatory cyber operations “for perceived cyber offensives” against Russia or its people and against countries and organizations that have assisted Ukraine with materiel support.
The warning comes as Russian President Vladimir Putin initiated a new phase of the Russia-Ukraine war by pushing into Eastern Ukraine’s Donbas region this week.
“Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations,” the CISA said.
In addition to the cybercrime groups that have recently pledged their support for Russia, the CISA said other cybercrime groups have recently conducted “disruptive attacks” against Ukrainian websites, “likely in support of the Russian military offensive.”
The CISA urged “critical infrastructure network defenders” to make preparations to limit any potential cyber threats “by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity.”
The CISA outlined several measures that organizations should take immediately to prepare for and mitigate these threats, including updating their software, enforcing multifactor authentication (MFA), securing and monitoring Remote Desktop Protocol “and other potentially risky services,” and providing end-user awareness and training.
In addition to those four immediate steps, the CISA advisory recommended separating segments of networks based on role and functionality as part of a longer-term effort to use “network segmentation.”
Network segmentation, according to the nonprofit trade association CompTIA, “is when different parts of a computer network, or network zones, are separated by devices such as bridges, switches and routers.”
“Network segmentation can help prevent the spread of ransomware and threat actor lateral movement by controlling traffic flows between—and access to—various subnetworks,” the CISA advisory said.
The CISA also recommended that organizations have a cyber incident response and operations continuity plan in place.
Newsweek reached out to Russia’s Foreign Ministry for comment.
Update 4/20/22, 4:35 p.m. ET: This story was updated with a statement from CISA Director Jen Easterly.