Cybersecurity expert Tony Chiappetta closely follows the war in Ukraine, worried that a new battlefield threatens the US
“It’s something that Russia doesn’t just talk about in terms of jobs, but they’ve demonstrated their capabilities,” Chiappetta told 5 EYEWITNESS NEWS.
Chiappetta says that over 20 years, his White Bear Lake company ‘CHIPS’ has reviewed more than 2,000 incidents related to malware and other network problems.
But now, with the war going on for more than two months, that new battlefield uses weapons including keyboards, monitors, and malicious programs.
Chiappetta said that as far as Russian hackers are concerned, the issue is not if, but when.
Does this keep him up at night?
“You know that. You look at the infrastructure and see how vulnerable it is,” stated Chiappetta. “They came up with things called disc wipers, not for ransom, as you often hear on the news, but for destruction. These types of malware are being actively used, and there are no geographical borders to that technology.”
He’s not the only one to hear that warning.
John Vandegrift, a cybersecurity expert at the University of Minnesota, said that months before a single shot was fired in Ukraine, Russian hackers broke into electrical facilities, causing mass blackouts in the cold. the bitter cold of winter.
“Russia is using that as part of their war,” he said in an interview. “Before invading Ukraine, they attacked the infrastructure. They close some of the grid. I think it’s a few hundred thousand Ukrainians who haven’t been in power for a while. “
Just a few weeks ago, the Biden administration sounded the alarm.
The Cybersecurity and Infrastructure Security Agency (CISA) launched a campaign called ‘Shields Up’.
In a report published April 20, CISA said Russia’s invasion of Ukraine could include malicious cyber activity against the US, including a response to economic sanctions against Russia. of the United States and its allies.
“Engaging intelligence indicates that the Russian government is exploring options for potential cyberattacks,” the report said. “Every organization, large and small, must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks.”
CISA says it is focused on protecting critical infrastructure, including the power grid, financial sectors, transportation and communications.
“If one day you wake up and you can’t use your cell phone, you can’t turn on the light, you can’t get the water out of the sink, you know, that would shake everything… and the infrastructure Such floors are everywhere,” explains Chiappetta.
CISA says the report is not just for US businesses, but for anyone buying gas, going to the grocery store or using an ATM.
“I’m sure this activity has increased since the Ukraine conflict,” said Pam Houg, office director of the Minnesota Health Council.
We asked if she thought the corporate world was ready for a Russian cyberattack.
“No, everyone, no,” Houg noted. “Because it takes forethought and planning to establish a good cybersecurity system.”
Council is a trade association for nonprofit health plans throughout Minnesota, comprising thousands of people across the state.
“Our health plans need a broad level of protection due to HIPPA and privacy laws,” says Houg. “I know we’ve been attacked multiple times in a day.”
After a phishing attack a few years ago, she said Chiappetta, her IT security provider, introduced her to a software application called AppGuard, which can circumvent malware. .
Houg said she’s confident her computer network is safe and secure, but added her firewall faces 30 attacks a day.
“Certainly, Russia and other countries, especially China, are trying to break into our systems every day,” she noted. “As soon as they find a vulnerability, they lock it down and identify it and see how they can exploit it.”
John Higginbotham, the inventor of AppGuard, says the software is pretty simple.
“It’s like a vaccine for your computer,” he explains. “It does not rely on breaches or threats. It really embeds in the operating system and the cyberspace hides processes in such a way that unauthorized external forces cannot change those processes.”
Higginbotham says Shields Up is at least educating people about the Russian threat.
However, he said that the complexity and age of US infrastructure makes it difficult to protect.
“Oil pipelines, water treatment facilities, floodlights, energy grids, and these have been built in two, three or four decades,” he said. “It’s just a challenge to lock up all the holes in a broad, mainstream network at a national and regional scale.”
CISA says there are a few things you can do to increase your cybersecurity – including starting multi-factor authentication on your account and updating the software and operating system on your mobile phones, computers, and tablets. tablets and laptops.
The agency said multi-factor authentication should also apply at the corporate level and needed to confirm that IT had ‘disabled all ports and protocols not needed for business purposes.’
CISA says more than 90% of successful cyberattacks start with a single phishing email.
But experts say that there was no mistake – the Russian hackers were active.
“There are several stages to the breach, and the first stage is reconnaissance,” says Vandegrift. “Information gathering and exploration.”
“They will go and try to define their goal, learn about it,” added Chiappetta. “Even going so far as to map out the target’s net so they know when they’re ready to go. They disable backups, they circumvent the protections in place, for maximum devastation, whatever their goals are.”
You can learn more about CISA here.