EXECUTIVE SUMMARY:

On Wednesday, the US said that it had been secretly removing malware from global computer networks, both to prevent nation-state cyber attacks and to send a political message.

The initiative emerged as US officials grew increasingly concerned about nation-state cyber attacks that could strike American critical infrastructure, including financial institutions, the electrical grid, and oil pipelines.

The malware that US teams discovered would have enabled adversaries to create “botnets,” networks of private computers capable of disrupting networks and everyday activities. Experts state that the nature of the malware remains unclear; its intended function could not be determined.

New nation-state malware

According to the New York Times, American officials obtained secret court orders and the help of governments around the world in order to disrupt the identified botnet. In some instances, cyber security professionals removed the malware from corporate systems without informing the company affected.

This represents the latest effort on the part of the Biden administration to “frustrate” adversary actions by exposing them before they could cause real-world consequences.

Despite US and international efforts to prevent Russian cyber attacks, officials continue to worry that a major, crippling cyber attack could still manifest, disrupting the American economy and society.

Cyber activity intentions

Up until this point, Russian cyber attacks have largely been directed towards Ukraine. These include “wiper” malware, intended to disrupt Ukrainian government entities, and an attack on a European satellite system known as Viasat. Intelligence agencies are particularly concerned about the latter, as it may have exposed vulnerabilities within critical communications systems that could be exploited.

Critical infrastructure companies

In the United States, the Biden administration previously warned critical infrastructure companies to prepare for a series of cyber attacks. Officials in Britain have echoed the warnings.

Although past attacks have shown that hackers sometimes prefer to quietly infiltrate networks for intelligence gathering purposes, rather than sparking chaos, recent actions show that nation-state backed groups may be willing to cause damage.

Executives within some infrastructure groups have expressed hopes that the federal government will provide more funding for cyber security initiatives.

Says Peter Fletcher, the information security officer for the San Jose Water Company, “I am perfectly well aware that if…a nation-state decided it wanted to attack the national infrastructure of the US, including what I’m responsible for, I don’t have much chance of stopping them.”

Critical infrastructure groups, including water companies, commonly struggle to keep pace with cyber security needs. A number of organizations depend on legacy technology that is rife with vulnerabilities, which can make them attractive targets for hackers.

The latest malware

At the start of 2022, as diplomatic meetings unfolded in an effort to avoid a war in Europe, nation-state backed hackers were completing the development of a new piece of destructive malware.

The code was intended to erase data and to crash computer systems. Afterwards, the malware would leave a note for targets, taunting them about information loss. Ultimately, this malware was used in various ways to attack Ukraine’s critical infrastructure, including government entities entrusted with food safety, finance and law enforcement.

For more information about nation-state backed cyber attacks, please see CyberTalk.org’s past coverage. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.