FBI confirms increase in Russian cyber scanning of U.S. companies

Assistant Director of the Cyber Division at the Federal Bureau of Investigation Bryan Vorndran speaks at a hearing with the House Committee on Oversight and Reform on November 16, 2021 in Washington, D.C. Anna Moneymaker/Getty Images

A senior FBI official suggested potential cyber attacks were coming amid increased Russian-linked cyber scanning activities targeting major U.S. businesses and tensions with the Kremlin over its invasion of Ukraine.

The FBI has confirmed an increase in Russian cyber scanning of U.S. networks amid a deluge of warnings from top officials about potential disruptive activity impacting critical infrastructure and major energy corporations.

Bryan Vorndran, assistant director of the FBI's Cyber Division, told the House Judiciary Committee on Monday that "instances of Russian scanning have increased" within the last month, indicating Russia-based computers have been probing U.S. networks for vulnerabilities while potentially planning a wave of cyberattacks.

"In order for a criminal to conduct a bank robbery, it's undoubtedly true that the criminal is going to conduct reconnaissance surveillance to understand … what the security posture might look like," Vorndran told lawmakers, describing cyber scanning as a similar "reconnaissance phase" and "an extremely important part of the overall attack cycle."

"We have absolute strategic warning that Russia plans to hit us," Vorndran added of potential Russian-linked cyber attacks. 

The statement follows an FBI bulletin, issued on March 18 and reported on by CBS News, which said the Bureau identified Russian-linked scanning activity targeting at least five U.S. energy companies and 18 other U.S. businesses specializing in everything from information technology to financial services and the defense industrial base.

Vorndran recommended businesses immediately build "proactive" relationships with their FBI field offices and local representatives for the Cybersecurity and Infrastructure Security Agency, as well as develop a defined incident response plan that can be exercised every 90 days. He also called on companies to report any cyber incidents to the FBI, while expressing support for recent incident reporting bills which Congress passed in part as a response to the SolarWinds ransomware attack.

"Anything that makes us stronger through legislation in terms of information sharing, transparency, understanding vulnerabilities, we're absolutely supportive and willing to look at," he said, adding that the FBI has "been in the ballpark in the last three weeks" in providing tactical warnings of imminent cyber threats to U.S. entities in part thanks to increased information sharing. 

Warnings of Russian-linked cyberattacks targeting the U.S. have come from the nation's leading cyber experts, including CISA Director Jen Easterly, who said on CNN recently that all businesses, including critical infrastructure operators and owners, "need to assume that disruptive cyber activity is something that the Russians are thinking about" and planning to carry out. 

The agency hosted a three-hour call last week with more than 13,000 industry stakeholders in which Easterly and other CISA officials urged business leaders to implement recommendations featured in its "Shields Up" campaign, including the mandatory use of multi-factor authentication, running exercises of emergency cyber incident plans and encrypting data, among other mitigation procedures. 

President Joe Biden has also warned of Russian-linked cyber attacks in recent days, amid ongoing tensions with the Kremlin over its invasion of Ukraine. 

"The more [Vladimir] Putin's back is against the wall, the greater the severity of the tactics he may employ," Biden said. "One of the tools he's most likely to use, in my view, in our view, is cyber — cyberattacks … Russia's cyber capacity is fairly consequential, and it's coming."