Cyberattacks on SATCOM networks attributed to Russian threat actors
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have updated their joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with US government attribution to Russian state-sponsored malicious cyberactors.
Critical infrastructure
When we touched on the subject a few months ago, we explained why we think satellites are critical infrastructure. Commercial satellites provide us with the ability to establish services like Internet access, television, GPS, and scientific information about the weather and other processes in the atmosphere and on the surface.
On March 17, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) published an alert in conjunction with the Federal Bureau of Investigation (FBI) which warned of possible threats to US and international satellite communication (SATCOM) networks.
Along with that alert came a report that provided mitigation strategies for SATCOM providers and their customers. And, as part of CISA’s Shields Up initiative, all organizations are being asked to significantly lower their threshold for reporting and sharing indications of malicious cyberactivity.
Spill over
The United States believes Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the Russian invasion, and those actions had spillover impacts into other European countries.
In the months leading up to and after Russia’s invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks, and cyberattacks to delete data from computers belonging to government and private entities.
For example, the United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, like HermeticWiper, on Ukrainian Government and private sector networks.
Now, the US is sharing publicly its assessment that Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries.
Defense
In order to uphold the rules-based international order in cyberspace, the US and its allies and partners are taking steps to defend against Russia’s actions. The US government has developed new mechanisms to help Ukraine identify cyberthreats and recover from cyberincidents.
CISA has exchanged technical information on cybersecurity threats related to Russia’s further invasion of Ukraine with key partners, including Ukraine.
Mitigation guidance
On March 17, 2022, CISA issued an alert providing technical details and mitigation guidance on possible threats to US and international SATCOM networks. A quick recap:
- Use secure methods for authentication.
- Enforce the principle of least privilege through authorization policies.
- Review existing trust relationships with IT service providers.
- Implement independent encryption across all communications links leased from, or provided by, your SATCOM provider.
- Strengthen the security of operating systems, software, and firmware, including vulnerability and patch management.
- Monitor network logs for suspicious activity and unauthorized or unusual login attempts.
- Create, maintain, and exercise a cyberincident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems—including SATCOM networks—are disrupted or need to be taken offline.
Stay safe, everyone!