The United States is warning of potential threats to its satellite
networks amid concerns that recent attacks on satellite networks in Europe may soon spread to the United States.
A joint advisory between the Agency for Cybersecurity and Infrastructure and the FBI urges satellite network providers and critical infrastructure organizations that rely on satellite networks to strengthen their cyber defenses due to the increased likelihood of cyberattacks, warning that successful intrusion could create risks in their clients’ environments.
While the advisory from the United States did not mention specific sectors, the use of satellite communications is widespread across the United States.
It is estimated that about eight million Americans rely on satellite communications networks to access the Internet.
Grids are used in a large number of industries, including aviation, government, media, and the military, as well as gas utilities and electricity service stations located in remote locations.
The military, in particular, should be concerned, as the latest cyber attack to hit Viasat, which cut off contact for tens of thousands of customers in Europe in February, shows the damage that can be done.
The military in Ukraine used this type of satellite station. A representative of the Ukrainian army admitted that it was a huge loss for them in terms of communications. As a result, this is one of the most affected sectors at the moment.
A successful attack could become a safety threat in the maritime industry, for example. Ships use satellite communications for safety operations.
The US warns after Viasat cyber attack
The joint US advisory comes days after reports that Western intelligence agencies have opened an investigation into the cyberattack that hit Viasat’s KA-SAT network last month, causing a massive communications outage across Europe at the start of the Russian invasion.
The outage affected satellite internet services for tens of thousands of customers in Ukraine and elsewhere in Europe and shut down nearly 5,800 wind turbines in Germany.
The cyberattack was originally thought to be caused by a distributed denial of service (DDoS) attack. But this has since been called into question.
Viasat has not yet provided technical details. But it confirmed that the attackers took advantage of the wrong setting in the satellite network administration section to remotely access modems. This indicates that the attackers most likely spread a malicious firmware update across terminals.
It is possible that the attackers were able to hack a ground station to issue an order by abusing a legitimate control protocol that spread the malicious firmware update across the stations.
It is believed that the cyber attack was an attempt to disrupt communications through Ukraine during the early stages of the Russian invasion. This is given that Viasat provides a satellite communication service for the Ukrainian army.
A Viasat spokesperson said: “We currently believe this was a deliberate, isolated, and external cyber event. The company’s efforts have stabilized the KA-SAT network.
He added: “Viasat is working with distributors to restore service to European users affected by this event.” We focus on critical infrastructure and humanitarian assistance. We continue to make significant progress and multiple resolution efforts have been completed while others are in progress.