Five Takeaways From the Russian Cyber-Attack on Viasat's Satellites

Cyber Security Threat Summary:
“The cyber-attack on US firm Viasat’s KA-SAT satellites in Ukraine on February 24, 2022, prompted one of the largest formal attributions of a cyber-attack to a nation-state in history. Nearly 20 countries accused Russia of being responsible, including a dozen EU member states and the Five Eyes countries (US, UK, Australia, New Zealand and Canada). This cyber intrusion, which preceded Russia’s invasion of its neighbor by just a few hours, was thoroughly discussed during the third edition of CYSAT, an event dedicated to cybersecurity in the space industry that took place in Paris, France on April 26-27, 2023” (Info Security Magazine, 2023).

The cyberattack, which has been given the name AcidRain, had a limited impact on Ukraine’s military operations only because Viasat’s satellites were used only as a backup system. A similar attack on a more crucial communication channel could be devastating, and there are many lessons we can learn from this event.

Security Officer Comments:
AcidRain was carried out in three stages, with the attackers first running a denial-of-service (DoS) attack against internet modems across Ukraine. This disruption allowed the attackers to enter a ground-based satellite network in which Viasat’s KA-SATs were running. The attackers then exploited a vulnerability in a Fortinet VPN device. This gave the attackers access to the management system of this ground-based network, which they used to drop a piece of wiper malware to erase the hard drives of modems, disconnecting them from the KA-SAT network.

Researchers wish Viasat had released more information about the attack, claiming that further technical forensic information could help threat intelligence providers and security researchers prepare a better incident response for similar attacks in the future.

If any positives did come from the attack, researchers say it helped policymakers better acknowledge the threat of attacks on commercial telecommunication satellite systems. These systems can be important targets for adversaries, especially in times of armed conflict.

Suggested Corrections:
EU officials say improvements to security were already underway before the Viasat attack and conflict with Ukraine.

“First, the EU started implementing changes to improve the space industry’s cybersecurity posture with the second phase of the Network & Information Systems (NIS2) directive, proposed in 2021 and adopted in November 2022. Within NIS2, space is now considered critical infrastructure for the first time, which will allow the regulators to mandate the space sector to implement more cybersecurity measures.”

The measures have been called “a good step forward,” but space companies will need to be willing and able to receive help to comply with the new measures. The EU says, “If you look at all national space laws today, none requests someone who wants to launch a telecommunication satellite to implement any cybersecurity. So, I think each nation-state should work on including cybersecurity provisions in their requirements.”

“The EU Commission and the EU Agency for the Space Programme (EUSPA) are going to launch the first space-focused Information Sharing and Analysis Center (ISAC) in 2024, which will also help private space companies collaborate in cybersecurity” (Info Security Magazine, 2023).

Finally, experts noted that IRIS2, the EU’s future multi-orbit constellation, “has been designed with cybersecurity in mind from the beginning.”

Other suggestions included improving the cybersecurity posture of the space industry as a whole. Nations should work to better segregate their military and civilian infrastructure. Around 80% of telecommunication satellites used by armies come from commercial companies. “Because these are not always well protected against cyber-attacks, they are increasingly attractive targets. They’re even more attractive than military infrastructure, which is used to being attacked, and thus generally better protected. And, at the beginning of the war in Ukraine, some space companies voiced their concerns of a lack of a clear process for responding and reporting an attack” (Info Security Magazine, 2023).

Link(s):
https://www.infosecurity-magazine.com/news/takeaways-russian-cyberattack/