Security Expert: FBI, Microsoft Strikes Against Hackers Are Harbinger Of More Pre-Emptive Actions

James Morrison, CISO of Ntirety and a former FBI computer scientist, says the actions are a sign of the tense times, with increasing global cyberattacks and threats against government agencies and private institutions.

First the FBI. Now Microsoft.

A day after the FBI revealed last week that it had pre-emptively disrupted a Russian-government backed botnet, Microsoft revealed that it had proactively thwarted an attempt by Russian hackers to attack Ukrainian entities.

James Morrison, who spent 22 years with the FBI as a senior computer scientist focused on cybersecurity, cybercrime and ransomware and is now CISO at Spring, Texas-based Ntirety, said he believes that the FBI and Microsoft’s aggressive actions are a harbinger of more pre-emptive strikes to come amid the ongoing war between Russia and Ukraine and heightened concerns over cybersecurity in general.

[RELATED: Huntress CEO On FBI Disrupting Russian Hackers: ‘I’m Pumped’]

“It’s not a coincidence,” said Morrison, adding, however, that he’s not saying the FBI and Microsoft collaborated behind the scenes on their separate actions against Russian cyberintruders.

Instead, he said, the actions are more a sign of the tense times—with increasing global cyberattacks and threats against government agencies and private institutions alike. Indeed, he noted that cyberattacks have increased by 800 percent since the start of the Russian-Ukrainian war, based on data from the FBI and Homeland Security.

As for Microsoft’s recent action against Russian hackers, he said it’s a “good thing” for cybersecurity in general. But he said a “little caution” is in order because such strikes must be legally permissible in each case.

In a blog entry posted late Thursday, Tom Burt, a Microsoft corporate vice president, customer security and trust, stressed that Microsoft obtained a court order before it moved against the Russian group, known as Strontium, which has been linked to Russian intelligence services.

In his blog post, Burt said that Strontium, which Microsoft has been tracking “for years,” was attempting to seize control of seven internet domains to launch attacks against Ukrainian institutions, including media organizations.

“[Strontium] was also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy,” Burt wrote.

“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken.”

Morrison noted that Microsoft has been monitoring Strontium for a while now and that the current Russian-Ukrainian war has clearly presented an “opportunity for Microsoft to clean up something on its radar.”

He added: “Microsoft has a very robust threat-hunting team.”

Morrison added Microsoft may have “set the stage” for other major corporations to take pre-emptive action against hackers.

As for the FBI, it also said it obtained a court order before it secretly removed malware from computer networks around the world to prevent a Russian botnet attack.

Asked about the economic impact on MSPs of all the recent Russian-tied cyberattacks, Morrison said the business repercussions “go both ways.”

MSPs with good, well-known cybersecurity products and services are seeing a spike in business these days as concerned companies rush to shore up their security infrastructures.

But those that have underestimated the need for sound and robust cybersecurity measures could suffer in coming months, he said.