US has ‘significant’ cyber vulnerabilities, but a sweeping Russian cyberattack is unlikely


“If Russia pursues cyberattacks against our companies, our critical infrastructure, we’re prepared to respond,” he said during remarks from the White House.

But now, even as the Russian army drops bombs and mortar shells on civilians in hospitals and neighborhoods and its invasion of Ukraine nears its fourth week, no known nightmare cyber scenario — a widespread power outage, a poisoned water system, a crippled supply chain — has come to pass in Ukraine, the US or elsewhere.

To be sure, a ripple of smaller cyberattacks ricocheted through the websites of Ukrainian banks and government agencies just before the invasion, and bigger attacks may be in store for the besieged nation of 43 million people.

But the general consensus among the nearly 20 experts who spoke with CNN for this story is that while Russia is well positioned to launch catastrophic cyberattacks on the US, it’s not likely to do so.

“We do need to consider this threat as a low probability but high-impact scenario,” said Paul Prudhomme, the head of threat intelligence advisory at the cybersecurity firm IntSights.

The prospects for a grand-scale cyberattack in America are low, experts say. For one, Putin understands that his country’s cyber capabilities, though formidable, are outmatched by those of the United States, which is generally regarded as the most sophisticated player in the field.

The federal Cybersecurity and Infrastructure Security Agency told CNN it hasn’t yet received any credible cyber threats resulting from the conflict in Ukraine, but it emphasized that the energy sector has been bolstering its defenses in recent years and is on high alert as it urgently prepares for any attempted breach.


Experts say Russia’s ability to conduct an impactful cyberattack in the US should not be underestimated.

“If we look at just what they have been able to do, there is only, according to public information, one country out there that has any experience taking down electrical systems — that is Russia,” said Robert M. Lee, a cybersecurity expert who investigated the 2015 attack in Ukraine.

Testing the waters

Cyberattacks against the US by Russia are more than merely possible — they have been occurring for years on a low-grade scale.

The country has been testing the waters in the US, laying the groundwork, experts say, for a much more extensive cyber campaign.

For example, in 2018, the Department of Homeland Security revealed that a group of state-sponsored hackers from Russia had compromised the networks of several US electrical utilities the year prior and allowed intruders to gather detailed information on the control systems that US electrical utilities use to power American communities.

That same year, the Department of Justice announced the indictments of 12 Russian intelligence officers for carrying out large-scale cyber operations against the Democratic Party ahead of the 2016 presidential election.

Then, in late 2020, came the most advanced cyber-op yet: About 100 organizations around the world — including several US government agencies — were revealed to have been breached by Russian hackers who compromised the software supplier SolarWinds and exploited their access to monitor internal operations and withdraw data.

(L-R) FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify during a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021.

Putin has been systematically testing vulnerabilities in Europe and the US for the past four years, and is capable of causing all sorts of economy-crushing problems, experts say.

“They know how to weaponize these things — they’ve done it,” said Melissa Hathaway, who led cybersecurity initiatives in the presidential administrations of George W. Bush and Barack Obama. “If I need to cause a national crisis abroad, they know how to do this, they’ve systematically been testing the system.”

Prudhomme said a stealthy Russian hacking group called Energetic Bear — which has been tied to Moscow’s Federal Security Service, or FSB — is the most likely Russian third-party, state-sponsored actor to execute any high-level attack.

The group, which industry analysts refer to by several aliases, including “Dragonfly” and “Berserk Bear,” has carried out numerous successful hacks in recent years. In 2017, it targeted a nuclear power plant in Kansas in what cybersecurity experts refer to as a “watering hole”-type attack — a practice where hackers place malicious links on websites frequently visited by employees.

“The group has a history of gaining access and maintaining access to US and European utility companies, but they don’t do anything with it,” Prudhomme said. “They want to have that access ready at a moment’s notice so, if and when they get the order on demand, they can flip the switch.”

In 2020, another state-sponsored Russian group identified by analysts as Cozy Bear, believed to be within Russia’s Foreign Intelligence Service, or SVR, likely orchestrated the SolarWinds hack. US officials said the group used SolarWinds software to breach internal email systems at the US Treasury and Commerce departments, among other key agencies, in what was one of the largest-ever cyber attacks.

But it’s a two-way street. Experts say that while it’s true Russians are lurking in the software of various structural areas, Americans are also lurking in theirs.

It’s the “cyber equivalent of mutually assured destruction,” said Karen Walsh, CEO of a cybersecurity firm called Allegro Solutions, using a term that historically described a philosophy of deterrence during the nuclear standoff of the Cold War.

And the Americans, experts say, are currently the more capable threat.

While Russian cyberattacks tend to attract headlines, experts told CNN, the most sophisticated hacks are often carried out in a more professionalized manner by nations such as the US and Israel, which are good at hiding their tracks. One secret operation that spilled into public view in 2010 was known as Stuxnet, in which the US and Israel are widely believed to have jointly sabotaged a nuclear facility in Iran with a computer virus that temporarily hampered the country’s nuclear program.

Putin, experts say, understands the extent of this sophistication and is likely loath to poke the bear.

“He seems to recognize that that is a different level of escalation,” Timothy Frye, Columbia professor and author of “Weak Strongman: The Limits of Power in Putin’s Russia,” said of a crippling cyberattack on a major electrical utility in the US or another NATO nation. “That might be part of the calculations as well.”


Still, some experts say, Europe’s critical infrastructure could be an attractive target for Russia. That’s partly because the continent is far more dependent on Russian oil than the US is.

“I don’t think anybody’s thought through how much control Russia has over the future of Europe,” said Hathaway, now the president of Hathaway Global Strategies.

Putin has been most willing to wreak havoc on the Ukrainian power grid, which the Russians also hacked in 2016 — just a year after shutting off power to more than 200,000 customers.

Lee said the second attack — which reportedly took out about a fifth of the power consumption in Kyiv for an hour — was by far the more impressive of the two.

“That one scared the hell out of everybody,” said Lee, now CEO of a cybersecurity firm called Dragos and a former cyber warfare specialist with the Air Force. “That was a capability they developed that could be deployed on any electrical transmission site in the world and have reliable effects everywhere. Like, it was — it was bad.”

The United States and the UK have also blamed the NotPetya hack of 2017 — which the Trump administration called “the most destructive and costly cyber-attack in history” — on Russia.

The NotPetya attack was launched against a Ukrainian accounting software firm, but the malware spread to companies across the globe, resulting in billions of dollars in damage.

“It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict,” White House press secretary Sarah Sanders said in 2018.

Some experts say the extensive meddling in Ukraine is due partly to how the country is seen as a kind of testing ground for belligerent cyberactivity. That’s because the country’s power grid is in some ways similar in structure to those in the US and other Western nations, but Ukraine’s ability to retaliate has historically been minimal.

Still, the US has seen a rise in high-profile cyberattacks. The growing threat prompted Biden to issue an executive order in May to shore up the nation’s cybersecurity and protect federal government networks. And it’s a reminder that cyber defense in the United States has troubling vulnerabilities.

The US has ‘significant’ cyber vulnerabilities

If the Colonial Pipeline breach demonstrated anything, it’s the extent to which critical infrastructure in America is vulnerable to cyberattacks.

That event in May prompted the Georgia-based company to shut down the pipeline for the first time in its 57-year history. The six-day shutdown scrambled logistics for several airlines and caused a panic at the pump that led to shortages and briefly raised gas prices. But while it was allegedly carried out by a Russian hacker group called DarkSide, authorities haven’t been able to link it to the Kremlin. (In fact, the Russian domestic intelligence agency arrested the alleged culprit — though the hacker was not extradited.) The ordeal ended when Colonial ponied up the $4.4 million ransom — more than half of which was later recovered by the Justice Department.

Motorists wait in line at a gas station on May 12, 2021 in Fayetteville, North Carolina, following the Colonial Pipeline hack.

That attack, Prudhomme stressed, was financially motivated. The hackers, he said, used a compromised password found in a dark-web data dump and were able to make use of an inactive VPN account to penetrate the Colonial Pipeline’s network, which did not use multifactor authentication.

“Criminal hackers will tend to go for low-hanging fruit,” he said. “The point of entry here was fairly simple.”

Another sensitive breach occurred in early 2021, when hackers — whose country of origin isn’t known — were able to gain access to a Florida water treatment facility by using dormant remote access software for the purpose of poisoning the water supply. The hack was quickly caught by a human operator at the facility. But the incident illustrates the dangers of remote access work without proper security: The plant had used several computers running an aging version of Microsoft Windows to monitor the facility remotely. All of the computers shared a single password.

About a year later — this past January — the Biden administration announced a plan to shore up the cyber defenses of the nation’s roughly 150,000 public water systems.

But even if localized networks are vulnerable, experts say that the American power grid is far too complex to shut down in one simple motion.


“For a successful attack to be able to take the lights out, they need to gain access to a lot of different points … and nobody is looking,” said Vikram Thakur, technical director at cybersecurity company Symantec. “We don’t think it’s plausible.”

Sophisticated hackers could, however, still seize on any vulnerabilities to cause smaller-scale damage to the electrical grid and other means of energy production.


Smaller utility companies may not be able to make enough of an investment in cybersecurity, potentially making their systems more vulnerable to attacks. The equipment and devices specifically used to distribute electricity to consumers are also more at risk, experts say, because they aren’t required to adhere to federal cybersecurity standards that apply to the higher-voltage generators and transmission lines in the electrical industry.

And while new cybersecurity requirements were introduced for certain oil and gas pipelines last year, they aren’t as comprehensive as the electrical industry standards and there aren’t federal cybersecurity regulations for water systems, said Ernie Hayden, who has spent decades working in the energy sector, identifying risks to energy and electrical suppliers as a chief information security officer, cybersecurity engineer and consultant.

If networks aren’t properly secured, a hacker could not only launch a ransomware or malware attack but directly infiltrate systems, known as operational technology, that control critical equipment, said Hayden.

Depending on the location of the attack and the lack of controls, this could result in a range of potential outcomes. If hackers get into the operational controls of a water system — as nearly happened in Florida last year — they could potentially poison a water supply by causing chlorine to be injected at a dangerous level, said Hayden. They could cause short power outages if they found a way to access devices that control the circuit breakers at one of the nation’s tens of thousands of substations, which are used to transform voltage before electricity is delivered. And turning off the ventilation controls or valves that control the flow of chemicals, gas and oil at refineries could cause equipment failures and leaks, he said.

Even these smaller-scale, localized disruptions are unlikely, however, and experts said they would not cause the cascading blackouts or mass destruction that many fear. But they could still have a psychological impact, which may be the intent of the attacker.

Tom Alrich, a cybersecurity risk management consultant specializing in supply chain threats to software, said he doesn’t believe hackers, including any from Russia, would be able to cause outages by accessing electrical infrastructure. Even if they could, he said, they would get nothing out of it. Instead, Alrich said, the focus should be on ransomware attacks that shut down a company’s operations without directly attacking the systems that control the physical infrastructure, which is what happened in the case of the Colonial Pipeline, or cyberattacks that “poison” the software developed by a given company or organization, such as the infamous SolarWinds hack.


Max Stier, president and CEO of Partnership for Public Service — a nonpartisan non-profit that promotes better government — pointed to some federal failures. He noted that the Department of Energy has some key positions unfilled because the US Senate has been slow to confirm nominees.

“The notion of cyber risk is profound,” Stier said. “It’s a battlefield that doesn’t respect physical boundaries, one where we know the Russians already have been playing, and not just the Russians; and it’s one where we have significant vulnerability.”

CORRECTION: An earlier version of this story misstated the number of organizations breached in the SolarWinds hack. The figure is about 100.


Russia launches Christmas Day attack on Ukraine’s energy system


Russia has carried out a Christmas Day attack on Ukraine’s energy system, leaving more than half a million people without heating, water and electricity. 

Ukrainian President Volodymyr Zelenskyy said the attack, the 13th large-scale assault of 2024 on the country’s grid, was “deliberate” and not a coincidence. “What could be more inhuman?” he wrote on X.

About 50 of the 70 missiles fired in the attack were intercepted, along with a “significant” portion of the more than 100 attack drones deployed, he added.


This year Ukrainians marked Christmas Day on December 25 for the second time, after switching to the western Gregorian calendar last year. The decision to stop celebrating Christmas on January 7 in line with the Orthodox calendar was made by Kyiv to break with Russian influence.

Oleh Syniehubov, governor of Ukraine’s eastern Kharkiv region, told Ukraine’s national television news that the attack had left more than 500,000 people without heating, water and electricity.

Temperatures across Ukraine are around freezing point.

Heating supplies were also cut in some areas of Ukraine’s Ivano-Frankivsk and Dnipropetrovsk regions, in the west and south of the country. 

Ukraine’s energy grid operator, Ukrenergo, urged consumers to limit consumption by not switching on multiple appliances at once, adding that the system was still recovering from the previous Russian attack on December 13.


Ukraine’s largest private energy company, DTEK, said that its power stations had been damaged and one of its long-term employees killed.

Ukraine’s foreign minister, Andriy Sybiha, said on X that the attack reflects Russian President Vladimir Putin’s response to “those who spoke about illusionary ‘Christmas ceasefire’”.

Hungarian Prime Minister Viktor Orbán said last week that Zelenskyy had rejected his proposal for a ceasefire and prisoner exchange on the January 7 Orthodox Christmas.

Ukraine denied that such a proposal was ever on the table, asking Hungary to “refrain from manipulations” regarding the war. On Friday, Heorhii Tykhyi, spokesperson for Ukraine’s foreign ministry, described it as “PR, a move” by Orbán.


American Airlines lifts ground stop that froze Christmas Eve travelers


An American Airlines agent talks to a customer at O’Hare International Airport in Chicago, Ill., last week. On Tuesday, the airline issued a national halt to flights.

Kamil Krzacznski/AFP via Getty Images

American Airlines passengers across the U.S. endured a sudden disruption of service on Christmas Eve, as a “technical issue” forced the airline to request a nationwide ground stop of its operations.

“The ground stop has now been lifted,” the Federal Aviation Administration told NPR shortly after 8 a.m. ET.

On Facebook and X, passengers shared stories of boarding planes early on Christmas Eve — only to be left waiting on the tarmac. In some cases, they described being told the flight would return to its gate so everyone onboard could deplane.


The ground stop lasted for about one hour, according to the airline.

“We sincerely apologize to our customers for the inconvenience this morning,” the airline said.

In a statement sent to NPR, American says the widespread delays were caused by a “vendor technology issue” affecting systems that are needed for a flight to be “released” — one of the final key steps before a plane takes off from an airport.

Early circumstances around Tuesday’s outage seemed ominous, reminding travelers of a nightmare scenario that played out two years ago when computer problems fueled a meltdown for Southwest Airlines as it tried to cope with bad weather during the holidays.


Southwest stranded millions of travelers — and was later ordered to pay a $140 million civil penalty.

Aviation industry veterans like George Hamlin, a consultant, note that Southwest took the brunt of the blame for the meltdown — but, he adds, “now we’re finding out that it’s a larger, more endemic problem than that.”

Delayed American Airlines passengers who posted to social media Tuesday said pilots blamed the slowdown on a computer system that aims to ensure an optimal center of gravity by balancing planes’ cargo weight and other factors.

Winter weather also threatens to snarl Christmas Eve travel, including storms along the East and West Coasts of the U.S.

The FAA’s operations page shows nearly a dozen airports were deicing planes Tuesday morning, including at Philadelphia International, and Dulles International and Reagan National outside Washington, D.C.


If you’re flying, the FAA recommends checking your airline’s flight status updates for potential delays. As of 9 a.m. ET, the FlightAware website’s “Misery Map” showed some 544 flights had been delayed and five canceled since 6 a.m. Nearly 120 of those delays were at Charlotte, N.C.’s, airport.

Nearly 12.7 million passengers are expected to fly on American Airlines this winter holiday season, comprising more than 118,000 flights, according to the airline. The most-traveled days in that span are both Fridays, ahead of and just after Christmas.

NPR’s Joel Rose contributed reporting.


Private equity payouts fell 50% short in 2024


Private equity funds cashed out just half the value of investments they typically sell in 2024, the third consecutive year payouts to investors have fallen short because of a deal drought.

Buyout houses typically sell down 20 per cent of their investments in any given year, but industry executives forecast that cash payouts for the year would be about half that figure.

Cambridge Associates, a leading adviser to large institutions on their private equity investments, estimated that funds had fallen about $400bn short in payments to their investors over the past three years compared with historical averages.


The data underline the increasing pressure on firms to find ways to return cash to investors, including by exiting more investments in the year ahead.

Firms have struggled to strike deals at attractive prices since early 2022, when rising interest rates caused financing costs to soar and corporate valuations to fall.

Dealmakers and their advisers expect that merger and acquisition activity will accelerate in 2025, potentially helping the industry work through what consultancy Bain & Co. has called a “towering backlog” of $3tn in ageing deals that must be sold in the years ahead.

Several large public offerings this year including food transport giant Lineage Logistics, aviation equipment specialist Standard Aero and dermatology group Galderma have provided private equity executives with confidence to take companies public, while Donald Trump’s election has added to Wall Street exuberance.

But Andrea Auerbach, global head of private investments at Cambridge Associates, cautioned that the industry’s issues could take years to work through.


“There is an expectation that the wheels of the exit market will start to turn. But it doesn’t end in one year, it will take a couple of years,” Auerbach said.

Private equity firms have used novel tactics to return cash to investors while holdings have proved difficult to sell.

They have made increasing use of so-called continuation funds — where one fund sells a stake in one or more portfolio companies to another fund the firm manages — to engineer exits.

Jefferies forecasts that there will be $58bn of continuation fund deals in 2024, representing a record 14 per cent of all private equity exits. Such funds made up just 5 per cent of all exits in the boom year of 2021, Jefferies found.

But some private equity investors are sceptical that the industry will be able to sell assets at prices close to funds’ current valuations.


“You have a huge amount of capital that has been invested on assumptions that are no longer valid,” a large industry investor told the Financial Times.

They warned that a record $1tn-plus in buyouts were struck in 2021, just before interest rates rose, and many deals are carried on firms’ books at overly optimistic valuations.

Goldman Sachs recently noted in a report that private equity asset sales, which had historically been done at a premium of at least 10 per cent to funds’ internal valuations, have in recent years been made at discounts of 10-15 per cent.

“[Private] equity in general is still over-marked, which is leading to this situation where assets are still stuck,” said Michael Brandmeyer of Goldman Sachs Asset Management in the report.
