Canada and Five Eyes allies issue another plea to critical infrastructure firms to prepare for Russian cyber attacks

Canada and its allies in the Five Eyes intelligence co-operative have issued another warning to organizations in the critical infrastructure sectors to be prepared for cyberattacks from Russia as a response to governments helping Ukraine.

Similar to a warning issued in March, it says “evolving intelligence” indicates that the Russian government is exploring options for potential cyberattacks. Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.

The advisory — co-authored by U.S., Australian, Canadian, New Zealand, and U.K. cyber authorities with contributions from industry members of the Joint Cyber Defense Collaborative (JCDC)— provides an overview of Russian state-sponsored advanced persistent threat (APT) groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats.

The agencies urge critical infrastructure network defenders to prepare for and mitigate potential cyber threats — including destructive malware, ransomware, DDoS attacks, and cyber espionage — by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity. They provide a mitigations section of the advisory with recommended hardening actions.

The critical infrastructure sector includes financial institutions, energy providers, telecom providers, the healthcare sector, transportation companies, food growers and distributors, manufacturers and governments.

They are urged to

  • create, maintain, and exercise a cyber incident response and continuity of operations plan including a ransomware-specific annex;
  • maintain offline (i.e., physically disconnected) backups of data. “Backup procedures should be conducted on a frequent, regular basis,” says the alert. “Regularly test backup procedures and ensure that backups are isolated from network connections that could enable the spread of malware”;
  • ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure.
  • OT (operational technology) assets and networks — such as internet-connected industrial control systems — should have a resilience plan that addresses how to operate if organizations lose access to—or control of—the IT and/or OT environment.

There’s also a link to this version of the alert from the U.S. Cybersecurity and Infrastructure Security Agency with more detailed recommended mitigations for a cyber attack from any threat group, which is a great resource for IT professionals.

The lengthy warning also outlines the tactics of many Russian government and Russian-aligned criminal hacking groups.

The post Canada and Five Eyes allies issue another plea to critical infrastructure firms to prepare for Russian cyber attacks first appeared on IT World Canada.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web