Minnesota companies beware: Threats of Russian cyberattacks on rise

It's been an intense couple of weeks on the cyberdefense front for Minnesota companies, given the geopolitical unrest because of the Russian invasion of Ukraine.

Aaron Shilts, CEO of NetSPI, a Minneapolis network security company, said given the number of Fortune 500 and other large companies in the Twin Cities, this region could be a target of Russian hackers.

"As you go up in size, you become more of a target," Shilts said. "We work with a lot of financial services companies out east, and I know they're certainly nervous. I don't know if [the adversaries the really discriminates based on geography], but I think we have a lot of companies that could be a target."

President Joe Biden earlier this week reiterated warnings of potential cyberattacks from Russia "based on evolving intelligence that the Russian government is exploring [such options]."

"Most of America's critical infrastructure is owned and operated by the private sector, and critical infrastructure owners and operators must accelerate efforts to lock their digital doors," Biden said.

With economic sanctions against Russia in retaliation for the invasion of Ukraine, the threats are higher, the administration said.

Over the past few weeks, the staff at NetSPI have been in communication with clients, including those in Minnesota, who are understandably concerned about Russian cyber counterattacks, Shilts said. NetSPI specializes in working with large enterprises to test and assess their network security systems.

"We certainly are very concerned about counterattacks," Shilts said. "When we're leveraging massive sanctions, and there's almost a global alliance leveraging massive sanctions, what do you do to fight back? If you're Russia, I think their cyber counterattack is a big part of that threat coming back."

Arctic Wolf, an Eden Prairie-based cybersecurity operations company that has raised more than $400 million from private investors in the past two years, advises organizations create response plans, educate employees, deploy multifactor authentication (MFA) and test ransomware and disaster readiness to protect themselves from Russian hackers.

MFA requires a user to present a combination of two or more credentials to verify their identity. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released on March 15 a joint advisory, warning organizations that Russian state-sponsored cyber actors have previously gained network access through exploitation of default MFA protocols.

Per CISA, as early as May 2021, a Russian state-sponsored cyberattack on a non-government organization led to hackers gaining access to cloud and email accounts for document exfiltration of that organization.

Shilts said companies in Minnesota should be proactive and be on the offensive and patch their online security systems, whether they be on smartphone or on computer.

"Flaws left unpatched can be exploited by nation states," he said.

In addition to private documents being exposed and exploited, cyberattacks can lead to companies having to pay millions of dollars in ransom, which can still result in damaged systems once ransoms are paid, or to suffering reputational damage, Shilts said.

A new era of work-from-home operations for workers may have added challenges to companies trying to protect its systems from hackers, he added.

"[There is a] new set of risks as workloads move outside of a traditional perimeter and brick and motor; it's harder to maybe understand where your data resides if it's in a variety of cloud implementations," Shilts said. "If you don't know where your people are, and you're not sort of badging in everyday, how do you authenticate your people?"

In his message, Biden implored the nation's private sector to increase its cybersecurity.

"If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year," Biden said. "You have the power, the capacity and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely."