CISA, FBI warn of threats to US satellite networks after Viasat cyberattack

The U.S. government is warning of “possible threats” to satellite communication networks amid fears that recent attacks on satellite networks in Europe, sparked by the war in Ukraine, could soon spread to the United States.

A joint CISA-FBI advisory published this week urges satellite communication (SATCOM) network providers and critical infrastructure organizations that rely on satellite networks to bolster their cybersecurity defenses due to an increased likelihood of cyberattack, warning that a successful intrusion could create risk in their customer environments.

While the advisory did not name specific sectors under threat, the use of satellite communications is widespread across the United States. It’s estimated that about eight million Americans rely on SATCOM networks for internet access. Ruben Santamarta, a cybersecurity expert who specializes in analyzing satellite communications systems, told TechCrunch that networks are used in a wide number of industries, including aviation, government, the media, and the military, as well as gas facilities and electricity service stations that are located in remote places.

The military, in particular, should be concerned, according to Santamarta, who says that the recent cyberattack that hit SATCOM provider Viasat, which knocked tens of thousands of customers in Europe offline in February, shows the damage that can be done.

“The military in Ukraine was using this kind of satellite terminal,” Santamarta tells TechCrunch. “It has been acknowledged by one of the representatives of the Ukrainian army that it was a huge loss for them in terms of communications, so obviously that’s one of the most significant sectors that are affected right now.”

Santamarta said for the maritime industry, for example, a successful attack could become a safety threat rather than solely a cybersecurity issue. “Vessels use satellite communications for safety operations, so if they have to send a distress call, this can be sent over a radio frequency or a SATCOM channel. If you can’t send that kind of distress call, that’s a problem,” he said.

The joint U.S. advisory comes days after Western intelligence agencies reportedly launched an investigation into the cyberattack that hit Viasat’s KA-SAT network last month, causing a massive communications outage across Europe at the outset of Russia’s invasion.

The outage, which has not yet been fully resolved, affected satellite internet services for tens of thousands of customers in Ukraine and elsewhere in Europe, and disconnected roughly 5,800 wind turbines in Germany.

The cyberattack was originally believed to be the result of a distributed denial of service (DDoS) attack, but this has since been thrown into doubt. Viasat hasn’t yet provided technical details but has confirmed that attackers leveraged a misconfiguration in the management section of the satellite network for remote access to modems. According to Santamarta, this suggests that the attackers likely deployed a malicious firmware update to the terminals.

“The attackers likely managed to compromise or spoof a ground station… to issue a command by abusing a legitimate control protocol… that deployed a malicious firmware update to the terminals,” Santamarta said in his analysis of the attack.

Given that Viasat provides its satellite communication service to the Ukrainian military, it’s believed the cyberattack may have been an attempt to disrupt communications across Ukraine during the early stages of Russia’s invasion.

“We currently believe this was a deliberate, isolated and external cyber event,” said Viasat spokesperson Chris Phillips. “Viasat’s continuous and ongoing mitigation efforts have stabilized the KA-SAT network.” Phillips rebuffed claims made by Michael Friedling, commander of the French Space Command, who said in a tweet that Viasat customer terminals had been rendered “permanently unusable” as a result of the incident.

“Viasat is actively working with distributors to restore service for those fixed broadband users in Europe impacted by this event, with a priority focus on critical infrastructure and humanitarian assistance,” added Phillips. “We continue to make significant progress and multiple resolution efforts have been completed while others are underway.”

The government’s advisory said U.S. organizations should “significantly lower their threshold for reporting and sharing indications of malicious cyber activity” due to the heightened risk of similar attacks targeting SATCOM networks.
