Russia’s military assault against Ukraine is likely to be accompanied by a wave of cyberattacks that could wreak havoc on computer systems far beyond the countries’ borders, security experts warn.
On Wednesday, just hours before Moscow sent troops into its neighbour’s territory, the websites of several Ukrainian banks and government agencies were disabled by so-called distributed denial of service (DDoS) attacks that Kyiv claimed were of Russian origin.
Cyber security firm ESET said Wednesday that malware capable of erasing data had been found on hundreds of computers in Ukraine, an attack that appears to have been planned two months ago.
The Ukrainian government had already seen dozens of official sites hacked last month in attacks it blamed on Russia, despite Moscow’s denial.
“Russia is very good at mixing the private actors and state actors,” said Serge Droz, head of security at Protonmail, the encrypted email provider.
He said that Russian President Vladimir Putin has acknowledged the existence of “patriotic” hackers, and Moscow is widely thought to have orchestrated the massive cyberattack that crippled Ukraine’s electricity network in December 2015.
“It didn’t create huge physical damage, but it created a lot of psychological damage — it’s like disinformation and manipulating the public opinion,” Droz said.
Western nations brace
The threat of widespread sanctions against Russia by the West could prompt Moscow to retaliate by launching cyberattacks against targets in Europe and the US.
Germany said Thursday that it was bolstering its cyber defences to ward off Russia-based attacks, while the European Union is prepared to activate an EU cyber response team to help Ukraine face the threat.
“If you’re suddenly having 190,000 troops attack Ukraine, chances are… that the cyberattack will not be a single piece of malware,” Mark Warner, chair of the US Senate Intelligence Committee, told the Axios news site.
“If you unleash not one, but five, or 10, or 50, or 1,000 at Ukraine, the chances of that staying within the Ukrainian geographic border is quite small,” he said.
“It could spread to America, could spread to the UK, but the more likely effect will be spreading to adjacent geographic territory” such as Poland.
Governor Kathy Hochul of New York announced Sunday reinforced cyber security efforts in the face of the “current geopolitical uncertainty,” saying her state was home to leading targets in finance, energy and transportation sectors.
Washington has already accused criminals with alleged ties to the Russian government of carrying out vast ransomware attacks against critical infrastructure, such as the May 2021 attack on the Colonial Pipeline that shut down oil shipments for days.
But IT experts say they have learned to recognise many of the tactics employed by Russia-linked hackers, which could help limit the threat as governments and companies increase their surveillance.
“We have a long experience with these actors. We know a lot about them and that means that we can actually develop defences that counteract their methods,” said John Hultquist, vice president for intelligence analysis at the cyber security firm Mandiant.
His company has set up a dedicated task force during the Ukraine crisis, which “has already proven to be a catalyst for the additional aggressive cyber activity that will likely increase as the situation deteriorates,” according to its website.