The DDoS attack surge that began last week against Ukrainian government agencies and banks was a bad sign. I was actually preparing a post and wondering if it was appropriate to call out Russia as, at that point, there was no formal attribution.
Russia’s history of using cyber attacks in conjunction with physical warfare is long and storied. For example, in July 2008, the Republic of Georgia experienced a massive DDoS attack just weeks before Russia launched its military invasion of the country.
And now, as we watched tanks roll and rockets fly into Ukraine yesterday, I don’t think anyone doubts who was behind the cyber attacks, then or now. The new strain of wiper malware unleashed on Ukrainian targets and the ongoing DDoS attacks are clearly just another military front—even if proving it is difficult.
Frankly, I’m worried. Russia has a full quiver of options if it decides to come after critical infrastructure in the West, and we are vulnerable to one of their favorites.
What has changed since the 2008 Georgia invasion is that Russia has become far more active and proficient in both software supply chain attacks and OT-focused attacks. These are likely to be the next wave in any coordinated cyber/military offensive by Russia.
Any country or company with commercial or political connections to Ukraine needs to be prepared for Russian cyber aggression using the software supply chain. The only defense against these attacks is for companies and governments to have a global view of their software supply chain. In other words, they must be able to see—in real time—not only who they buy software from but also what 3rd, 4th, and 5th-party developers have software buried inside the products they use. And they need to be able to locate high-risk software components in minutes.
The Software Bill of Materials (SBOM) mandate by the US Government was a critical first step, but you then need a platform for converting the mountains of data inside SBOMs into actionable business intelligence.
And that’s what our team here at aDolus has built. Our FACT platform uses AI, machine learning, and a massive database of OT files and artifacts to make millions and millions of real-time correlations between vendors, products, components, vulnerabilities, and malware. We can find dangerous, untrustworthy files quickly, before they spread across critical infrastructure.
Make no mistake: Putin’s bench of Russian cyber criminals is deep, experienced, and well-funded. He’s done little to restrain them in the past, and now, with the stakes so high, he has every reason to unleash them on Western critical infrastructure if he feels provoked.
Platforms like FACT, as well as SBOMs and VEX documents, will make the difference between an extended critical system outage (like we saw at Colonial Pipeline) and a rapid and successful defense.
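As an added illustration (not aDolus code and not a description of how FACT works), the sketch below shows the kind of lookup an SBOM makes possible: walking a CycloneDX-style dependency graph to find where a flagged component sits inside a product and how many suppliers deep it is buried. The SBOM, the product, component and supplier names are constructed, and `locate` is a hypothetical helper.

```python
import json
from collections import deque

# Constructed CycloneDX-style SBOM; every product, component and supplier name is made up.
SBOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "metadata": {"component": {"bom-ref": "hmi", "name": "plant-hmi", "version": "4.2"}},
  "components": [
    {"bom-ref": "hist", "name": "historian-sdk", "version": "2.0", "supplier": {"name": "VendorB"}},
    {"bom-ref": "net", "name": "netstack", "version": "1.7", "supplier": {"name": "VendorC"}},
    {"bom-ref": "tls", "name": "tinytls", "version": "0.9", "supplier": {"name": "VendorD"}},
    {"bom-ref": "log", "name": "logkit", "version": "3.1", "supplier": {"name": "VendorE"}}
  ],
  "dependencies": [
    {"ref": "hmi", "dependsOn": ["hist", "log"]},
    {"ref": "hist", "dependsOn": ["net"]},
    {"ref": "net", "dependsOn": ["tls", "hist"]}
  ]
}
""")

def locate(sbom, name, version=None):
    """Return (chain, supplier) for each matching component reachable from the product.

    chain lists component names from the top-level product down to the match,
    so len(chain) - 1 is how many supplier hops deep the component is buried.
    """
    root = sbom["metadata"]["component"]
    comps = {c["bom-ref"]: c for c in sbom.get("components", [])}
    comps[root["bom-ref"]] = root
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}

    hits, seen = [], {root["bom-ref"]}
    queue = deque([[root["bom-ref"]]])
    while queue:  # breadth-first, so the first chain found is the shortest
        path = queue.popleft()
        comp = comps.get(path[-1], {})
        if comp.get("name") == name and version in (None, comp.get("version")):
            chain = [comps.get(r, {}).get("name", r) for r in path]
            hits.append((chain, comp.get("supplier", {}).get("name", "unknown")))
        for ref in edges.get(path[-1], []):
            if ref not in seen:  # visit each component once; also guards against cycles
                seen.add(ref)
                queue.append(path + [ref])
    return hits

if __name__ == "__main__":
    for chain, supplier in locate(SBOM, "tinytls"):
        print(" -> ".join(chain), f"(supplier: {supplier}, depth {len(chain) - 1})")
```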
Contact us if you are looking for a fast way to secure your software supply chain.