We’ve heard for more than a month of an imminent cyber-attack. Nothing, at least as far as we know, has happened yet. But U.S. intelligence and cyber-security experts report they’ve seen evidence of Russian hackers actively looking for entryways into our energy and banking networks. Entryways that could be through someone’s personal computer.
“I think it’s a clear and present danger for us now,” said Rick Holland, chief Information Security Officer at Digital Shadows.
Holland told me we shouldn’t panic but prepare.
“So, they may target someone that works at a bank, they may target someone who works at one of these energy companies and compromise their personal account,” Holland said.
Which is easier than you expect. Last year’s cyberattack on the Colonial Pipeline was the result of a single compromised password.
For the past two-plus years, many employees of regional power companies and banks were forced to work remotely. Some may have used a personal computer for work or used a work computer to check social media or personal email.
Holland says Americans should take steps now. Windows released an urgent update with security patches a few weeks ago. Make sure it’s installed. Don’t use the same passwords for social media that you use for bank and credit card companies or payments to utility companies and don’t click suspicious links in emails.
“You wouldn’t want the machine you use at home, or an account you use to somehow be used in a larger campaign for cybercriminals or Russia or another state actor,” Holland said.
The Department of Defense warns it is possible that tens of thousands of computers across the country are already infected with malware, ready to unleash an attack by someone in Russia simply pressing the Enter key on their own computer. The more desperate Putin becomes, the more likely he’ll resort to cyberattacks on the U.S.