DOJ official warns companies 'foolish' not to shore up cybersecurity amid Russia tensions

A top Justice Department official issued a stark warning Thursday to companies in the U.S. and abroad, calling on them to immediately shore up their cybersecurity defenses amid a potential Russian invasion of Ukraine.

"Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak -- to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity," deputy attorney general Lisa Monaco said in remarks at the Munich Cybersecurity Conference. "They need to be as we say, 'shields up' and to be really on the most heightened level of alert that they can be and taking all necessary precautions."

Monaco said the threat was in no way "hypothetical," citing the devastating NotPetya cyberattack in 2017 that started in Ukraine before spreading globally and causing billions of dollars worth of damage.

"I think cybercriminals need to know that -- and cyber malicious actors need to know -- that attacks on critical infrastructure are unacceptable and will be met with response," Monaco said.

It comes as various U.S. agencies warned earlier this week of a cyberattack happening at the same time as a potential Russian invasion of Ukraine.

On a call with state and local officials on Monday, top cybersecurity officials from the Department of Homeland Security and FBI warned of potential attacks on U.S. cyber infrastructure in concert with a physical invasion of Ukraine, according to a person familiar with the call.

Last Friday, DHS explicitly warned of Russian cyber-attack and made a veiled mention at the ongoing geopolitical climate.

"The Russian government has used cyber as a key component of their force projection over the last decade, including previously in Ukraine in the 2015 timeframe," the Cybersecurity and Infrastructure Security Agency (CISA) warned in an online post. "The Russian government understands that disabling or destroying critical infrastructure—including power and communications—can augment pressure on a country's government, military and population and accelerate their acceding to Russian objectives."

Ukrainian officials believed they were already the victim of a Russian cyber-attack earlier this year, when suspected Russian hackers defaced Ukrainian government websites, according to officials.

Wednesday, the FBI, CISA and the National Security Agency are warned defense contractors of that Russian state sponsored actors continue to attempt and exploit their networks.

From 2020 to at least February 2022, Russian state sponsored cyber actors have targeted U.S. cleared defense contractors, according to Wednesday's joint release. The agencies say Russians have targeted various sectors in the defense and intelligence world including intelligence, weapons and missile development and software development.

The agencies warn that Russian threat actors use Microsoft 365 to first enter the system and gain official credentials and then send malware to compromise devices without the person knowing.

"Historically, Russian state-sponsored cyber actors have used common but effective tactics to gain access to target networks, including spear phishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security," the joint bulletin says.

"These continued intrusions have enabled the actors to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology," the FBI, NSA and CISA said.