Some are probably seeing it already.
Others will shortly. This is an easy prediction to make, as attacks
arriving over the wire are more deniable, avoid much of the potential
for the ugliness of arrests, expulsions of diplomats, and the general
mayhem of old-school espionage. They also seem likely to be more
generally useful, in terms of cost-effectiveness.
Yet old-school Russian espionage is on
the rise, seemingly triggered by geopolitics, particularly the
Ukraine debacle in this case, as has happened for centuries. Consider
these recent news reports.
Poland expels diplomats for “activities
incompatible with their status”, and Russia follows suit. All very
old-school. There is also some information from the Czech
counter-intelligence agency here.
Goes into some depth about trade relations, and Germany abandoning
their former stance of economic pragmatism, the extent of Russia's
isolation, and whether that will actually matter.
Reports that German Chancellor Angela Merkel has developed a
fundamental distrust of Putin, and is concerned about the Balkans. So
Serbia and Bosnia-Herzegovina. Even Bulgaria, just to the east of the
Balkans, is a matter of concern.
Russia Has Significant Capabilities
This dates back for many years. I don't
want to go all cyber-war here. That concept was at least partially
hype from the start. Even the issues of Russian involvement in
Estonia (widely held up as the first example of cyber-war) and
Georgia are not nearly so clear-cut as they are made out to be by
some parties.
That said, a criminal organization known
as the Russian Business Network operated with a degree of impunity
that would have been impossible without some sort of governmental
relationship from 2006-2007 or so. The RBN was highly effective,
offering services and software, and spawned many offshoots. It
figured prominently in various security vendor reports for a number
of years dating from that time. It is probably safe to say that
the effectiveness of over-the-wire techniques has been
very well understood within the Russian government from at least that long
ago.
Who Should be Concerned?
Pretty much anyone. Given the value of
economic espionage, potential victims are not limited to, say,
defense contractors. Even agricultural forecasts have figured
prominently in relations between the US and Russia in the past.
Obviously there are good reasons to believe that EU members should be
even more concerned, particularly governmental organizations that
touch on foreign policy, and business enterprises in the energy
sector, or that do a significant export business (whether that
currently involves Russia, or not).
The RBN had significant capabilities in
the fundamental building blocks that are used in modern attacks, such
as malware obfuscation and phishing. These techniques are important
because they are proven.
Individuals should be concerned about
the broad spectrum of social engineering attacks such as phishing
emails, or simple requests for access from someone purporting to be
working from home.
Security groups within organizations
can mostly only do what they have always done, though hopefully with
a bit more effectiveness, given the likelihood of trouble. Monitor
for data exfiltration. Audit systems and networks for compliance with
the security posture you think you have. Patch.
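As an added illustration of the "monitor for data exfiltration" advice above (this is example code written for this page, not anything from the original post), the script below totals outbound bytes per workstation to non-corporate destinations from a few constructed proxy log lines and flags any host whose total exceeds a multiple of its assumed daily baseline. The log format, host names, the `example.org` corporate domain, the `10.0.0.0/8` internal range, and the baseline figures are all assumptions made for the example; in practice the numbers would come from your proxy or flow records and the baselines from a few weeks of observed history.

```python
"""Baseline-based outbound volume check over constructed proxy log lines.

Added example, not from the original post. The log format, host names,
corporate domain, internal address range and baseline numbers are
assumptions chosen for illustration.
"""
from collections import defaultdict
import ipaddress

# Constructed sample lines: timestamp, workstation, source IP, destination, bytes out.
SAMPLE_LOG = """\
2014-11-20T09:01:12Z ws-14 10.0.5.20 files.example.org 1200
2014-11-20T09:03:40Z ws-14 10.0.5.20 mail.example.org 4096
2014-11-20T09:05:02Z ws-27 10.0.5.33 203.0.113.8 52428800
2014-11-20T09:06:15Z ws-27 10.0.5.33 203.0.113.8 78643200
2014-11-20T09:07:33Z ws-09 10.0.5.41 10.0.9.5 900000000
2014-11-20T09:08:10Z ws-14 10.0.5.20 198.51.100.17 2048
"""

# Assumed per-host daily baseline of bytes sent to external destinations.
BASELINE_BYTES = {"ws-14": 5_000_000, "ws-27": 2_000_000, "ws-09": 50_000_000}

# Assumed corporate domain and internal address space; traffic to these
# is not counted as leaving the organization.
CORP_DOMAIN = ".example.org"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_internal(dest):
    """True when the destination is a corporate hostname or an internal IP."""
    if dest.endswith(CORP_DOMAIN):
        return True
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return False  # any other hostname is treated as external
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Split one whitespace-delimited log line into a record."""
    ts, host, src_ip, dest, nbytes = line.split()
    return {"ts": ts, "host": host, "src": src_ip, "dest": dest, "bytes": int(nbytes)}


def external_bytes_per_host(log_text):
    """Sum bytes sent to external destinations, keyed by workstation."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if not is_internal(rec["dest"]):
            totals[rec["host"]] += rec["bytes"]
    return dict(totals)


def flag_exfil_candidates(log_text, baseline=BASELINE_BYTES, factor=3.0,
                          default_baseline=1_000_000):
    """Return hosts whose external volume exceeds factor * baseline.

    Hosts with no recorded baseline get default_baseline so that a new or
    unknown machine is still checked rather than silently skipped.
    """
    totals = external_bytes_per_host(log_text)
    flagged = {}
    for host, total in totals.items():
        limit = baseline.get(host, default_baseline) * factor
        if total > limit:
            flagged[host] = {"bytes": total, "limit": int(limit)}
    return flagged


if __name__ == "__main__":
    for host, info in flag_exfil_candidates(SAMPLE_LOG).items():
        print(f"{host}: {info['bytes']} bytes to external hosts "
              f"(limit {info['limit']}) - review")
```

In the sample, ws-09 moves 900 MB but only to an internal file server, so it is never counted; ws-27 sends about 125 MB to a single external address against a 2 MB baseline and is the one host reported. A volume check like this is a starting point for review, not a verdict: legitimate backups and large uploads will trip it, which is exactly why the conversation with the business side suggested below matters.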
One thing that seems to be little
stressed is to speak with the people on the business side of things.
You may discover that there is something about current negotiations,
competitors, or simply the essential function of your organization
(advocacy, etc.) which now makes you a more valuable target.
Raising awareness has historically
failed, but it must still be attempted. Which is how this post came
to be.
I Wish Spam Nation Had Been Published a Few Months Ago
My pre-ordered copy doesn't arrive
until 11/24. It's on sale now, though, and you can get it next-day if
you want. Amazon currently shows it to be in first place amongst
network security books.
Truthfully, I don't expect it to
contain any revelation which might have made all the difference had
the book arrived today instead of on the 24th. I am
already well enough acquainted with the situation that it
probably won't affect me from an operations perspective. Still, you
can never have too much knowledge, and the day will come when
what Krebs knows will help me build a business case for better
tooling, an idea which should appear in a better training
program, or who knows what.
I'm looking forward to it.