White House Warning Today


The White House has just warned Americans that “the Russian Government is exploring options for potential cyberattacks.”

In a statement released just hours ago, President Biden said that Russia is looking at cyberattacks as a response to the recent economic sanctions. While we did discuss this in the urgent panel discussion a couple of weeks ago, the White House news release indicates a clear threat.

The White House is asking every U.S. organization to harden cyber defenses immediately with a list of steps that we discussed in the panel discussion.

An attack from Russia could come in multiple different forms: impact on critical services, impact on the supply chain, theft of money, or something else. Please check your Incident Response Plan and make sure you are monitoring your network 24x7 if you are not already doing so.

When we met and had the Urgent Panel about the Russia Ukraine War, we warned about the “double edged sword of vigilante justice” and talked about the dangers of “hacktivism.”

In case you missed it, a big story broke a few days ago. The California-based maintainer of a piece of open-source code sabotaged his own code as an attack against Russia. The idea was that any system running the code from Russia or Belarus (which has taken Russia’s side in the war) would be wiped. After massive backlash over the weekend, the wiper was taken out of the code and replaced with a message about peace.

If you want details about the JavaScript module node-ipc, you can read about it here and here.

An Analogy for the Non-Technical

Let’s say that you have milk delivered to your house. You don’t really know where the actual milk comes from, but you trust the delivery service. Let’s say the dairy farmer gets mad and puts a specific kind of poison in the milk that only activates and impacts people in one zip code but has no health effects in any other zip code.

And the milk knows it’s in one of the “poison” areas because it reaches out to a specific geolocation service. And, if that geolocation service gets it wrong, too bad, the poison is activated.

When the news broke, Critical Insight immediately checked to make sure we aren’t using any of the impacted code. In this case, we were not. We also use code from our own repositories, which we curate for this reason (as well as for operational stability), so we would not have been affected by the original developer uploading into the public repository, at least for a few months. Since this was exposed quickly, that buffer would also have worked for us.

As a recommendation, check in with your developers to see if you are using node-ipc. You can also search your code for references to node-ipc.
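A plain text search of your own source can miss node-ipc when it is pulled in indirectly by another package, so the lockfile is the better place to look. The following is an added example, not code from Critical Insight or the node-ipc project: it lists every installed copy of a package recorded in a parsed package-lock.json and which packages declare it. The function name findInLockfile and the sample lockfile (package names and versions) are constructed for illustration.

```javascript
// Added example. Input is a parsed package-lock.json; handles lockfileVersion 2/3
// (flat "packages" map) and lockfileVersion 1 (nested "dependencies" tree).
const has = (obj, key) => obj != null && Object.prototype.hasOwnProperty.call(obj, key);

function findInLockfile(lock, name) {
  const hits = [];
  if (lock.packages) {
    const suffix = 'node_modules/' + name;
    for (const [path, meta] of Object.entries(lock.packages)) {
      // An installed copy: the key is its install path, which may be nested.
      if (path === suffix || path.endsWith('/' + suffix)) {
        hits.push({ kind: 'installed', path, version: meta.version });
      }
      // A package (or the root project, key "") that declares the dependency.
      for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
        if (has(meta[field], name)) {
          hits.push({ kind: 'requiredBy', path: path || '(root project)', range: meta[field][name] });
        }
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) hits.push({ kind: 'installed', path: here.join(' > '), version: meta.version });
      if (has(meta.requires, name)) {
        hits.push({ kind: 'requiredBy', path: here.join(' > '), range: meta.requires[name] });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: package names and versions are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'example-build-tool': '*' } },
    'node_modules/example-build-tool': { version: '1.0.0', dependencies: { 'node-ipc': '*' } },
    'node_modules/example-build-tool/node_modules/node-ipc': { version: '0.0.0-placeholder' },
    'node_modules/node-ipc-lookalike': { version: '1.0.0' },
  },
};

console.log(findInLockfile(sampleLock, 'node-ipc'));
```

To check a real project, pass the function the result of JSON.parse on the contents of its package-lock.json. An empty result means the lockfile records no copy of the package, either direct or transitive.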

But this will likely not be the only time code is impacted by the war in Ukraine. Much of the open-source code used by developers everywhere is maintained by volunteers, many of whom have opinions on the social and political events of the day and are becoming emboldened.

Critical Insight’s Recommendations

Be ready for impacts to your network and organization. Make sure you have 24x7 threat monitoring, investigation, and a plan for incident response.

Critical Insight can assist with preparation, detection, and response. But regardless of whether you work with us or another provider, now is the time to be ready for anything.