July 3, 2022

Volume XII, Number 184

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

Cyber Siren Warning - When State Actors Attack

Russia began a physical invasion of Ukraine Wednesday night, and as the United States responded with sanctions, the threat of cyberattacks against American companies became more acute. Major American businesses – from banks to critical infrastructure companies – are preparing for possible cyberattacks after Russia threatened “consequences” for nations interfering with its invasion of Ukraine. This follows recent warnings from United States officials that companies should harden their network defense against potential cyberattacks due to growing tensions with Russia. While cyberattacks are typically financially motivated, recent cyberattacks from Russia and other nation-states are being conducted for a nefarious and political purpose: to disrupt and destroy networks. With the threat of war in Europe looming, companies should review their incident response plans to ensure they are current, realistic, and account for a variety of cyberattacks.

As cyberspace becomes a new battleground for competing powers to confront one another, cyberattacks are less about money and more about wreaking havoc on an adversary’s networks. Instead of ransomware, politically motivated hackers, such as those currently conducting attacks on Ukranian systems, typically use data-wiping malware and distributed denial-of-service (“DDoS”) attacks.1 These types of attacks can be more dangerous than cash-grab ransomware attacks because in many cases, the initially accessed system is not the final target. Instead, the target systems are attacked because they play a role in critical infrastructure, such as airport and power grid management.  Russian cyberattacks often include disinformation campaigns which can cause confusion regarding the scope or consequences of an attack. Internet news sources should be scrutinized for reliability, and companies should identify reliable information streams now.

Mandiant, a cybersecurity company that tracks nation-state cyber activity, warned that although the consequences of cyberattacks can be devastating for companies, the main goal of nation-states launching offensive cyber activity is to create worry and uncertainty. The U.S. Cybersecurity and Infrastructure Security Agency echoed this sentiment, warning Americans that as Russia continues its advances against Ukraine, cyberattacks may lead to collateral supply chain impacts. Because there is little slack in the world’s supply chains to absorb disruptions, disruption to the supply chain would certainly fulfill a primary goal of wartime cyberattacks: to cause panic and frustration.

As NATO-aligned countries respond to Russia’s invasion of Ukraine and brace for retaliatory cyberattacks, organizations should be assessing supply chain risks, patch management plans, and other cyber hygiene protocols. Companies should ensure all software is up-to-date, especially Log4j vulnerabilities, and prioritize applying critical patches. Companies should also consider running tabletop exercises to ensure that employees understand the plan and their role, and then test different scenarios to make sure the plan works for different types of cyberattacks. 

FOOTNOTE

1.  DDoS attacks render websites unreachable by flooding them with junk data.

© 2022 Bracewell LLPNational Law Review, Volume XII, Number 56
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Philip Bezanson, white collar criminal defense, securities, attorney, Bracewell
Managing Partner, Seattle

Philip J. Bezanson's practice focuses on white collar criminal defense, internal investigations, securities enforcement and regulatory matters.

Mr. Bezanson is a member of the Bracewell & Giuliani LLP team that has represented corporate and individual clients in recent high-profile and complex cases, including the Deepwater Horizon explosion, the George Washington Bridge lane closure and General Motors ignition switch investigations, "Pay to Play" cases in New York, New Mexico and Illinois, the stock options backdating cases, and a variety...

212-508-6138
Seth DuCharme Insurance Lawyer Bracewell LLP
Partner

Seth DuCharme draws on his 14 years of experience as a senior-level law enforcement officer to advise companies and individuals on cases involving cybersecurity and breach response, Foreign Corrupt Practices Act (FCPA) diligence and litigation, export controls, sanctions compliance and anti-money laundering.

Seth served in the United States Attorney’s Office for the Eastern District of New York from 2008 through 2021. He held various positions at the Eastern District, including Chief of the Criminal Division, Chief of the National Security & Cybercrime Section, and Acting United...

212-508-6165
Brittney Justice Litigation Attorney Bracewell
Associate

Brittney Justice represents clients across a range of industries in litigation and government enforcement and investigations in federal and state courts. She provides advice on diverse matters, including securities litigation, complex commercial disputes, environmental claims and government investigations. 

Prior to joining Bracewell, Brittney was a legal intern with Texas’ First Court of Appeals.

202.828.1744
Claire Cahoon Litigation Attorney Bracewell Law Firm
Associate

Claire Cahoon focuses her practice on complex commercial litigation and appeals. Prior to joining Bracewell, Claire served as a legal extern in the United States Attorney’s Office for the Northern District of Texas.

Education

Southern Methodist University Dedman School of Law, J.D.

2020 - magna cum laude

University of Southern California, B.A.

2016 - magna cum laude

Bar Admissions

Texas

Languages

Spanish — proficient

713.221.1428
Advertisement
Advertisement
Advertisement