On February 24, 2022, Russia launched a full-scale invasion of Ukraine, the largest military assault on a European nation since the second world war.
Alongside ground, sea, and air bombardments from Russian forces, the Ukrainian government and military have had to repel a barrage of cyberattacks. If a full-scale global cyberwar soon becomes reality, then US businesses – already top targets for ransomware – are expected to be targeted.
American companies are being advised to review their cybersecurity measures and update their systems in order to account for the heightened risk of attack.
The Role of Cyberwarfare in the Russian Invasion of Ukraine
The current conflict unfolding in Ukraine will be one of the first all-out wars in which cyber warfare tactics play a pivotal role in who emerges victorious. Just days in, state and state-supported actors are pressing hard to get the upper hand online.
Bleeping Computer reported last Friday that Belarusian hackers are sending phishing emails to the inboxes of Ukrainian military personnel. More concerningly, hundreds of computers in Ukraine and Latvia have been infected with powerful, data-wiping malware that’s not been seen before, with Russia thought to be the source.
“Disinformation, false flags, DDoS attacks, and destructive wiper malware are a part of Russian military doctrine.” – Rick Holland, Digital Shadows.
Russia has reportedly been flooding Ukrainian government servers with attacks for some time now. Back in mid-January, over 70 websites owned by the Ukrainian government were hacked.
“Russia didn’t just decide to invade Ukraine this week,” Rick Holland, Chief Security Officer at Digital Shadows, told the Guardian. “Military planners have prepared for this campaign years in advance… DDoS attacks and destructive wiper malware are a part of Russian military doctrine; the battle plans have been drawn up and are now being executed.”
This isn’t the first time Russia has engaged in cyber warfare in Eastern Europe. When President Putin annexed Crimea in 2014, for instance, Ukrainian energy utility suppliers were attacked by Russian malware, a move that shut off electricity for thousands of people in the former Soviet nation.
Other incidents – most notably the 2007 DDoS attack on Estonia and similar digital assaults in the invasion of Georgia in 2008 – have never been officially traced back to Russian state actors but are presumed to be linked in some way, shape, or form.
Other military doctrines like “Maskirovka” – altering the perception of reality in enemy ranks to sow confusion – underpin the Kremlin’s efforts to spread disinformation among Ukrainian military personnel and civilians.
“We just can’t compete in the information war… democracies, and the way you do these things, makes it very difficult” – Ed Arnold, Royal United Services Institute.
Aside from staging videos that portrayed Ukrainian forces as the aggressors and spreading them around social media, Russia has spread rumors that Ukrainian president Volodymyr Zelenskyy had left the capital Kyiv and even sent text messages to Ukrainian soldiers telling them to lay down their arms and surrender. Facebook and TikTok have now banned Russian state-backed media in Europe.
On all digital fronts – as well as on the ground – Russia will face stiff resistance and will have to defend against attacks themselves. In Ukraine, a volunteer force – dubbed the ‘IT Army’ – has begun to mobilize. With over 175,000 members, the group is assigned tasks via the Telegram app and was recently asked to orchestrate a DDoS attack on 25 Russian websites.
There are some reports suggesting that the IT Army was responsible for bringing down Russia’s Sberbank.
They will be hoping that rumors that US tech giants could stop Russia from downloading software updates – which would make the country’s digital infrastructure much easier to hack – will soon become reality.
Hacking and Ransomware Gangs Choose Their Sides
To make matters more complicated, although traditional definitions of ‘cyber warfare’ are usually confined to the actions of nation states, in this conflict ransomware gangs and hacking groups are starting to hedge their bets.
Russia – which is home to its fair share of ransomware groups – has had support from underground organizations.
The Conti Group – whose attack on Ireland’s health system last year had devastating effects – has already vocalized its “full support of [the] Russian government” and said it would use “all possible resources” to fight those who commit “a cyberattack or any war activities against Russia.”
“They don't operate directly for the Russian government, but they operate under a set of rules that says: ‘you guys do what you want… don't target Russian stuff and we won't bother you’” – Herb Lin, senior research scholar at Stanford University's Center for International Security and Cooperation.
Hacking group Anonymous, for instance, officially declared war on Russia on Sunday. The group has already claimed responsibility for a number of attacks since fighting broke out in Eastern Europe, with targets including Russian government websites, state broadcaster Russia Today, and Belarusian weapons manufacturer Tetraedr.
Just today, more pro-Kremlin news websites – TASS, Fontanka, and Kommersant – were all down, a move that has also been attributed to Anonymous. Russian nuclear and Department of Defence data has also reportedly been accessed.
US Businesses Could Find Themselves Caught in The Cyberwar
The Russian invasion of Ukraine could easily spill over into an out-and-out cyberwar that involves a lot more than just the two countries currently fighting on the ground.
In a gloomy illustration of this point, Russia may even be able to cause major issues for Western businesses by simply attacking Ukraine – around one-fifth of Fortune 500 companies outsource at least some of their IT operations to Ukrainian companies.
For US businesses, in particular, more direct attacks are a real and present danger, with Russia fully prepared to target American critical infrastructure if necessary.
“If Russia pursues cyberattacks against our companies, our critical infrastructure, we’re prepared to respond” – US President Joe Biden.
US banks, for instance – which are already targeted daily by cyber-attacks – have been told to brace for an assault on their sites and systems as payback for the tough economic sanctions that now preside over Russia's financial institutions.
“Destructive malware can present a direct threat to an organization's daily operations, impacting the availability of critical assets and data,” CISA and the FBI warned in a public advisory. “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.”
What can my Business do to Defend Itself?
US organizations concerned with cyber-attacks are warning businesses to remain vigilant and review all of the cybersecurity measures they currently have in place.
If you own a US business, now is the time to make sure all the software you’re using is up to date, because out-of-date software creates an easy back door for hackers and scammers. If that business is a small one without a dedicated IT team, installing antivirus software is a must, especially with destructive, data-wiping malware being reported in the wild en masse.
Russian state-sponsored APT (Advanced Persistent Threat) actors have been known to use brute-force password guessing and password spraying campaigns to gain personal details – and there are reports they’re hacking Facebook accounts to post misinformation – so using tools like password managers to mitigate this threat is advised.
Lastly, US companies like Cloudflare Inc. are taking steps to move any data held about customers out of Ukraine, so if you are using a tech team or servers in the country, taking steps to secure or move any data you hold there is strongly recommended.