The US government is warning of “potential threats” to satellite networks amid concerns that recent attacks on satellite networks in Europe, sparked by the war in Ukraine, could soon spread to the United States.
A joint CISA-FBI bulletin published this week called on satellite communications (SATCOM) network providers and critical infrastructure organizations that rely on satellite networks to bolster their cybersecurity due to the heightened risk of cyberattacks, and warned that there is a risk of a successful intrusion into their client environments.
Although the bulletin does not identify specific areas of risk, the use of satellite communications is widespread in the United States. It is estimated that about eight million Americans use SATCOM networks to access the Internet. Ruben Santamarta, a cybersecurity expert who specializes in analyzing satellite communications systems, told gaming-updates that these networks are used by a wide variety of industries, including aviation, government, media and military, as well as gas industry facilities and filling stations in remote locations.
The military should be particularly concerned, Santamarta said, given the recent cyberattack on satellite provider Viasat that left thousands of customers in Europe without service in February, a sign of the damage that could be done.
“The military in Ukraine used such satellite terminals,” Santamarta told gaming-updates. “One of the representatives of the Ukrainian military acknowledged that this was a big loss for them in terms of communications, so this is clearly one of the most important areas that are currently suffering.”
In the maritime industry, for example, Santamarta said that a successful attack could become a safety threat rather than a cybersecurity issue. “Ships use satellite communications for safety, so if they need to send a distress signal, it can be done via radio frequency or satellite. If you can’t make emergency calls that way, that’s a problem,” he said.
The joint US bulletin comes days after Western intelligence agencies launched an investigation into an alleged cyberattack that hit the Viasat Ka-Sat network last month, disrupting communications across Europe at the start of the Russian offensive.
The outage, which has yet to be fully resolved, affected satellite internet services for thousands of customers in Ukraine and elsewhere in Europe, and shut down some 5,800 wind turbines in Germany.
The cyberattack was originally thought to be the result of a distributed denial of service (DDoS) attack, but that assessment has since been questioned. Viasat has yet to provide technical details, but has confirmed that the attackers used a misconfiguration to control the satellite network for remote modem access. According to Santamarta, this suggests that attackers may have applied a malicious firmware update to the terminals.
“The attackers were likely able to compromise or spoof the ground station using a valid control protocol… that applied a malicious firmware update to the terminals,” Santamarta said in his analysis of the attack.
Since Viasat provides its satellite communications services to the Ukrainian military, it is believed that the cyberattack was an attempt to disrupt communications throughout Ukraine in the early stages of the Russian offensive.
“We currently believe this was a deliberate, isolated and remote cyber incident,” Viasat spokesman Chris Phillips said. “Viasat’s sustained and ongoing mitigation efforts have stabilized the KA-SAT network.” Phillips dismissed claims by French Space Command commander Michel Friedling, who said on Twitter that Viasat’s client terminals were permanently disabled as a result of the incident.
“Viasat is actively working with distributors to restore service to fixed broadband users in Europe affected by this incident, with a focus on critical infrastructure and humanitarian assistance,” said Phillips. “We continue to make significant progress and several resolution efforts have been completed while others are ongoing.”
The government’s advice says US organizations should “significantly lower their threshold for reporting and sharing signs of malicious cyber activity” due to the increased risk of such attacks targeting satellite communications networks.