In the buildup to Russia’s Ukrainian invasion, nearly every media outlet and cybersecurity specialist – including us – warned that a Russian war would inevitably spill over into cyberwarfare. Two days before the attack, Britain’s National Cyber Security Centre (NCSC) warned of “international consequences” and called on UK organizations to “bolster their online defenses.” On February 24, the day Russia invaded Ukraine, CNN reported that the US was bracing for Russian cyberattacks.
It’s been four months since Russia launched a full-scale invasion of Ukraine. To date fears of wide-scale nation-state attacks that cripple critical infrastructure and disrupt international banking systems have largely been unfounded for much of the western world. That said, notable recent attacks by Russian criminal groups on Italy, Greenland, and Costa Rica have caused massive damage and serve as a continued warning to Russia’s cyber capability.
In preparing for the war, most experts predicted that it would be just days or weeks until Ukraine fell entirely into Russian hands. In the United States, Chairman of the Joints Chief of Staff General Mark Milley told congressional leaders that the country would fall within 72 hours.
The entire world vastly underestimated Ukraine’s fighting strength. However, they have not vastly overestimated the Russian cyber threat. Still, despite Russia’s undeniable offensive cyber capabilities, relatively speaking, the Kremlin has not increased its devastating cyber war against the West since its military invasion began – despite unprecedented sanctions. It has mostly allowed its state-aligned attack groups to go after countries that lack strong retaliatory capabilities such as Italy, Greenland, and Costa Rica.
Russia is Not a Sleeping Bear
In 2017 Russia deployed NotPetya malware. The attack began in Ukrainian accounting software and quickly spread around the world. It left a trail of damage and disruption that cost billions of dollars. When the current war broke out, many feared a similar-style attack that could leave the west reeling, and indeed Ukraine has experienced a series of disruptive cyber operations. Website defacements, DDoS attacks, and cyberattacks that deleted data off government computers are all part of the hostilities. These attacks are disruptive and are taking down electric grids, upending the banking system, the media, infrastructure, and shutting down communication networks and satellites.
Attacks emanating out of Russia include nation-state grade sophistication. Military
cyberattacks outside Ukraine include Costa Rica where the whole country was brought to a standstill, Italy where whole regions stopped functioning and Greenland whose healthcare was taken offline.
Attacks inside Ukraine have consumed the resources of Russian Government attack units supervised by the GRU, FSB, and SVR. Attacks outside Ukraine have mostly been carried out by ransomware groups (state-aligned but not state-sponsored).
Having studied Russian cyber capabilities and motivations for a long time and having seen the patience and endurance exhibited by their stealth attacks, we believe that Russia is continuously ensuring they have plenty of stealthy footholds worldwide to detonate should they wish. Obviously, we can’t see these; they leave no footprints and there’s no impact until they execute.
Still, cybersecurity experts worldwide have been wondering which countries that have supported Ukraine militarily will be next to experience this cyber aggression.
Waiting for a Different Time to Attack
Rob Joyce, director of cybersecurity at the National Security Agency, believes that there has been sustained cyber conflict since the beginning of the war. Paul Chichester, director of operations at the NCSC, called the cyber clash between Russia and Ukraine “the most sustained set of cyber operations coming up against the best collective defense we have seen.”
The US State Department has speculated that Russia hasn’t gone after more western cyber-targets such as the US and UK because it doesn’t wish to fight a war on two fronts. We suspect that the Russians have not downgraded their capabilities but are merely waiting for a different time to attack.
How Should Organizations React
Enterprises, governments, critical infrastructure utilities, and other organizations must guard against complacency. Russian-based nation-state attacks pack a powerful punch. They’ve proven capable of hacking into the US power grid in the past and have interfered with elections in the United States and Germany.
If nothing else, they have proven how dangerous they can be, and as the war continues to drag on, there is no telling what Russian president Vladimir Putin might do. His seemingly erratic behavior throughout tensions with Ukraine may push him to order attacks against some of Ukraine’s allies.
Organizations in Europe and North America need to upgrade their security posture as quickly as possible. It is vital to adopt additional levels of readiness, response, and resilience to counter the risk of a Russian cyber attack.
Proactive activities, such as table-top exercises simulating destructive attacks, can help identify weak spots in organizational security deployments, as well as flaws in incident response processes.
Backups must be checked to ensure that they are resistant to attacks and that access to backups is adequately restricted. If there are items in the supply chain connected to Ukraine, it is recommended to adapt permissions and tighten access control policies or to use alternative software to insulate the company from risk.
Above all, it is crucial to apply nation-state grade defense plans that use attacker methods and motivations to enhance security countermeasures.
For organizations that lack the personnel or skill set to run these security measures, it is highly recommended to outsource cybersecurity to a team of experts. These cybersecurity services can go a long way in enhancing an organization’s security posture and protecting it from catastrophic consequences stemming from attacks. In the battle against nation-state grade cyberattacks, working with a team of security pros will help to properly implement these protective measures.
Reach out to a HolistiCyber expert today to discuss your cybersecurity needs.