The National Cyber Security Centre (NCSC, a part of GCHQ) has warned UK organisations and consumers to consider the risk of using Russian technologies amid the ongoing war in Ukraine, and the change in attitude of the Russian Leadership toward the West. The NCSC went on to add comment that Russian firms may be compelled by law to comply with the country’s Federal Security Service (FSB) – although there is no evidence that this has occurred yet – however, it is yet another tool in the toolbox of Russian Hybrid Warfare, so take note.
In several articles which have been published on the Internet, focus has been placed on the Russian Anti Malware Provider Kaspersky.
So where does the concern arise from when it comes to any Digital Assets in the West being serviced out of Russian software solution?
Consider an actual Anti-Malware solution running on the average server, workstation, laptop or even cell phone. In this technological implementation we have an application which is most likely running with high system privileges, and one which loads at boot-time into the kernel before many other software objects are allowed entry. This means, as I have always said, if you can compromise such an application as an Anti-Malware solution with a corrupt and malicious update, potentially you own that asset, or even network, which may then be manipulated or comprised to the end objective of the attacking, adverse actor – I will leave it to your imagination to work out the real-world implications of what such an onboard compromise could be!
In fact, no matter the software application involved, whilst it may safe and secure at time of install, there is nothing to say that sometime in the future, one of those urgent updates may be the one that punches a hole right through your firewall – you have been warned, so take note.
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.