Cyber Threats Interview with Homeland Security Advisory Council’s Dmitri Alperovitch: From Russia to Ransomware

Why Trust Techopedia

As Russia’s invasion of Ukraine continues, there have been reports of multiple cyberattacks alongside a steady stream of cybersecurity warnings.

The situation crystallizes how kinetic warfare (the physical damage of bombs, guns, and explosives) is now fully intertwined with cyber warfare — along with how cyber attacks are changing.

Dmitri Alperovitch, who serves on the Homeland Security Advisory Council and was named one of Foreign Policy’s Top 100 Leading Global Thinkers, told Techopedia: “When you look at the cyberattacks that are taking place in Ukraine since the war began, they have evolved.”

They started out as destructive in nature, he says, such as the most destructive one — an attack on American communications company Viasat that took down some of the satellite communications devices in Ukraine in the early hours of the war.

Then the attacks shifted to a largely espionage campaign that involved the Russians working to penetrate Ukrainian networks, such as government networks and military networks, to gain a tactical advantage on the battlefield and collect intelligence on the Ukrainians, according to Alperovitch.

“And since late last year, there has been a switch back to a destructive campaign, which is an indication that the Russians are trying to think more strategically about how to use attacks to potentially facilitate their kinetic campaign.”

Techopedia sits down with Dmitri Alperovitch to talk about the state of cybersecurity amid ongoing global cyber warfare.

Advertisements

About Dmitri Alperovitch

Dmitri Alperovitch
Dmitri Alperovitch

Dmitri Alperovitch is the co-founder and executive chairman of Silverado Policy Accelerator, a think-tank focused on policy solutions in national security, trade and industrial security, and ecological and economic security.

Alperovitch was the co-founder and former CTO of cybersecurity company CrowdStrike Inc. and the author of “World on the Brink: How America Can Beat China in the Race for the Twenty-First Century“.

Alperovitch serves on the Homeland Security Advisory Council of the U.S. Department of Homeland Security and is a founding member of the Department of Homeland Security’s Cyber Safety Review Board.

He has previously served as a special advisor to the U.S. Department of Defense and has been named as one of MIT Technology Review’s Top 35 Innovators Under 35. He is the host of Silverado’s Geopolitics Decanted podcast.

Key Takeaways

  • Author, podcaster, and Homeland Security adviser Dmitri Alperovitch talks cybersecurity amid global cyber warfare.
  • We live in a digital age where every system is now becoming a network system — susceptible to cyber threats and potentially easy to disrupt.
  • Dealing with more than 10 years of cyberattacks has helped build muscle memory and expertise for the Ukrainian cyber defense unit against the Russian onslaught.
  • Alperovitch says the primary challenge in cyber warfare, particularly from Russian cybercrime groups, is ransomware.

Cybersecurity and the War Between Russia and Ukraine

Q: Russia’s intelligence services are world-renowned for executing creative, destructive cyber campaigns. How has Ukraine withstood Russia’s onslaught in the cyber domain?

A: Ukrainians have had the benefit of 10 years of experience dealing with Russian cyberattacks, going back to 2014. There were the Petya attacks back in that timeframe, the Bad Rabbits [a strain of ransomware], and a range of cyberattacks that they faced prior to the war in January 2022.

These have helped build muscle memory and expertise for the Ukrainian cyber defense unit, both in the private sector and the government.

So, Ukrainians have gotten really good at rebuilding networks, helping with forensics, and investigating cyber incidents. This has dramatically improved their ability to recover from these destructive attacks.

Q: Why has the support of global tech companies, such as Alphabet and Microsoft, been instrumental in Ukraine’s cyber defense efforts?

A: Ukraine is facing an onslaught of intrusions from the GRU Russian military intelligence literally on a daily basis across its military, government, civilian government, and private sector networks.

It is leveraging its own capabilities, as well as those of its Western allies and private sector firms, to try to identify those intrusions as early as possible and, if that’s not possible, to recover from them quickly.

A number of those private sector companies have provided free services and free intelligence to the Ukrainians to help them defend their networks and identify and respond to incidents. So, the Ukrainians are incredibly appreciative of those efforts.

Q: How do you see the role of cybersecurity evolving as the war between Russia and Ukraine continues?

A: When you look at the attacks that have taken place in Ukraine since the war began, they have evolved. They started out as destructive in nature. The most destructive one was the attack on American communications company Viasat which took down some of the satellite communications devices in Ukraine in the early hours of the war.

Then [the attacks] shifted to a largely espionage campaign where the Russians have been focused on penetrating Ukrainian networks, i.e., government networks, and military networks, to gain a tactical advantage on the battlefield and collect intelligence on the Ukrainians.

And what we’ve been seeing since late last year is a switch back to a destructive campaign. And this time targeting telecommunication services in particular, most prominently targeting the Kyivstar telecommunications service that was taken down in mid-December for a few days.

And that is an indication that the Russians are trying to think more strategically about how to use destructive attacks to potentially facilitate their kinetic campaign.

One of the things that taking down mobile services in Ukraine does is interfere with the ability of Ukrainians to conduct effective air defense to warn the population of incoming strikes.

In addition, Ukraine also uses mobile communications extensively to coordinate their mobile air defense units that are shooting down the Iranian Shahed drones and the Western missiles that are flying at Ukrainian cities.

Challenges Posed by Organized Crime in Cyber Warfare

Q: When intelligence agencies warn of potential cyberattacks, why is it critical to take those warnings seriously?

A: When there is specific intelligence about an upcoming cyberattack, it is certainly foolhardy to ignore it. Unfortunately, the intel is often not that specific. In fact, it rarely is.

So it’s rare to get a very actionable notice that comes in just in time about the target and the nature of the attack. Oftentimes, these notices are quite generic in nature.

Q: What are the challenges posed by organized crime groups in cyber warfare?

A: Right now, the primary challenge in cyber warfare, particularly from Russian cybercrime groups, is ransomware.

They’re launching attacks not just against Ukraine but primarily against Western targets to extort money from a range of companies, both small and large.

In the West, particularly in the last couple of years, we’ve seen an onslaught of attacks against the healthcare system.

Hospitals and billing providers have been experiencing quite significant attacks that have impaired the ability to provide healthcare services, particularly in smaller hospital chains. So it’s a huge national security problem.

On the U.S. and Its Cybersecurity Strategy

Q: Why does there need to be an increased focus on cybersecurity in this digital age?

A: As you said, we live in a digital age where every system is now becoming a network system that is susceptible to cyber threats and can be disrupted.

So, the ability of cyber to affect our daily lives, both in terms of the espionage that can be conducted against us and disruption to our daily activities, is very significant.

Q: How should government, cybersecurity practitioners, and policy experts work together to accelerate policies that will enhance America’s cyber deterrence, defend against cyberattacks, and protect American intellectual property and national security?

A: It’s important to foster collaboration between government and the private sector.

One example is the U.S. Cyber Safety Review Board, which President Biden established in 2021. I have the honor of serving on it.

It includes members of the private sector, [such as] myself, and all the federal cyber leads from the [Department of Homeland Security, the U.S. Department of Defense, the U.S. Department of Justice], and the FBI.

We work together to review major cyber incidents of national importance and make recommendations for the U.S. government and industry on how to work better.

Q: Can you talk about your work on the Cyber Safety Review Board?

A: We’ve done two reviews so far. The first one when the board was just stood up [the board was established on Feb. 3, 2022] was the review of the log4j vulnerability affecting a major open source technology and many products that incorporate that technology. The log4j security package was one of the most consequential security vulnerabilities that we’ve seen in recent years.

The second was a review of Lapsus$ and related cybercriminal organizations. We found that they were able to infiltrate all the major technology companies using fairly unsophisticated techniques. They primarily utilized social engineering to break into those companies and steal sensitive data.

So, we wanted to review the fundamental failures we have seen across the ecosystem — both the digital ecosystem and the supporting infrastructure, such as the telecommunication networks used for SMS two-factor authentication.

We found that these groups were leveraging SMS two-factor authentication utilizing a technique known as SIM swapping, which effectively clones phone numbers and receives those two-factor authentication codes.

We had a range of recommendations, including that the government investigate the specific tactics of SIM swapping. The Federal Communications Commission has responded and is working with industry to try to address this.

We are currently looking at the Microsoft Exchange compromise that took place in the summer of 2023. We are doing a review of an incident that enabled the compromise of the email accounts of major U.S. government officials, including the Secretary of Commerce.

Q: Why is it critical for the United States to modernize its cybersecurity strategy and infrastructure?

A: The United States has modernized its cybersecurity strategy. In fact, the new strategy was just released last year by the Office of National Cyber Director, a new office inside the White House. In the last few years, the government has made a range of efforts, starting with the executive order released in May 2021.

It focused on a range of issues, including revamping the federal government’s security architectures. The executive order focused particularly on zero-trust architectures and secure-by-design principles, which are being promoted by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. I think we’re making progress. We’ve got a long way to go, but we’re making the right strides.

Advertisements

Related Reading

Related Terms

Advertisements
Linda Rosencrance
Tech Journalist
Linda Rosencrance
Tech Journalist

Linda Rosencrance is a freelance writer and editor based in the Boston area with expertise ranging from AI and machine learning to cybersecurity and DevOps. She has covered IT topics since 1999 as an investigative reporter for several newspapers in the greater Boston area. She also writes white papers, case studies, e-books, and blog posts for a variety of corporate clients, interviewing key stakeholders including CIOs, CISOs, and other C-suite executives.