One gets the sense that the world is changing before our eyes. Not just for Europe, but maybe for all of us. Things are looking bad for Ukraine, and we can feel sort of guilty wondering about the cyber-security implications of the Ukraine war for the rest of us. But the cyber dangers are real, and they are serious, potentially.
For example, immediately after the Russian invasion broke out, suspicious Russian-sourced cyber-attacks over a 48-hour period increased over 800%.
U.S. cybersecurity agencies and the Department of Homeland Security have all shared high alerts covering threat levels, preparedness, and response. This is really serious.
Cyber warfare is one of the first-use weapons in modern warfare, because it can be employed before a war officially goes “hot.” It also can soften up the target by disabling enemy systems and disrupting communication, operations, infrastructure…; pretty much anything. And as a general rule, nefarious state-sponsored cyber-activities have escalated when geo-political tensions are high. So obviously, Ukraine is getting cyber-hammered by Russia. But what about the rest of the world? What about the countries that have put themselves on Russia’s naughty-list by helping Ukraine (in various ways)? Countries like the US, the UK, Poland, Germany, etc?
The ripple effects of the Ukraine War
Russia’s war in Ukraine has raised the possibility that a major cyberattack could affect U.S. and European systems. This, even though the fighting — both real and digital — so far hasn’t spilled far outside of the country’s borders.
But as the war continues, both Russia’s own government hackers and also cybercriminals allied with Moscow will likely step up their attacks. This could affect systems worldwide, from widely used productivity tools to critical infrastructure such as power grids.
Some of these “allies” of Moscow are gray-market cybercriminals in Russia that occasionally pursue government objectives to keep law enforcement off their backs. These groups can really be set loose and act with impunity.
Already, for example, the Conti ransomware gang said it would strike at the critical infrastructure of anyone launching cyberattacks “or any war activities against Russia.”
Tit for tat
Cyber criminals and Russian operatives could hit back at other countries’ efforts to punish Vladimir Putin’s military aggression. Even human-rights groups or the hacker collective Anonymous could become targets. So could social media companies cracking down on government disinformation.
Even cyberattacks that are aimed at Ukraine could end up having far-reaching consequences. Ill-targeted cyber weapons can easily spread into related regions or systems. Call it collateral cyber-damage.
The U.S. Cybersecurity and Infrastructure Security Agency and FBI said in a joint warning over the weekend that they expect this may happen.
“Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries,” they said.
Digital attacks have already been taking place: Ukrainian government, foreign ministry and state service websites went down before Russia’s invasion. Plus, a “wiper” attack also hit a Ukrainian agency and a financial institution.
“Since there’s so much shared infrastructure in the world, the likelihood of that spilling over and affecting other people is very high,” said Sean Gallagher, senior threat researcher at cybersecurity company Sophos. “The internet knows no boundaries.”
For example, the 2017 NotPetya ransomware attack began in Ukraine. It was eventually attributed to Russia, got out of hand and spread worldwide. That same year, North Korea launched the WannaCry attack that eventually affected systems in 150 countries.
“We have seen multiple cases where cyberweapons like that have gone out of control … and spread themselves,” Gallagher said. “That’s a distinct possibility here.”
However…
“These third-party services that we’ve all become dependent upon, during COVID especially, are pretty well-armed to defend themselves, but they are still vulnerable,” Gallagher said.
There are some reasons for optimism. For one, a lot of businesses in Ukraine haven’t moved their IT into the cloud. This, despite the high number of tech workers in the country.
“Russian cyberattacks are likely to focus [on] on-premise servers within the country,” Meserole said. “As a result, targeted attacks on productivity software within Ukraine are unlikely to have massive effects elsewhere,” said Chris Meserole, director of Research at the Brookings Institution’s Artificial Intelligence and Emerging Technology Initiative.
So it’s no time to panic. It’s not that Russia is readying some new, James Bond-type of never-before-seen-attacks on the hapless Western world.
More likely, hackers allied with Russia will be looking more aggressively for openings or getting ready to exploit systems that they may already have infiltrated.
So what do we do?
Experts emphasize many of the same safety measures we are already familiar with. Basic cyber-hygeine such as using strong passwords is important. So is minimizing the reuse of passwords. (A password manager can help with both.) Install software updates and patches ASAP. And turning on two-factor authentication for logins and backing up computers will go far.
And be on guard against phishing attacks and to avoid clicking links and attachments you didn’t expect to receive.
For individuals and small organizations, Avast Endpoint Protection for Small Business is an affordable, easy-to-use all-in-one safeguard. They also have a good free Antivirus for the home. Of course, it lacks some of the features of paid solutions, but it’s quite solid.
There’s also many versions of Check Point Harmony, Emsisoft AntiMalware for Home and Business Security. And up in the high-end there’s the large Sophos Intercept X Advanced family, FortiEDR, FortiEDR with MDR, and FortiXDR. To name a few.
So, the cyber-security implications of the Ukraine war for the rest of us? Be careful out there, but don’t be afraid. Use common sense. And if you have any questions about any of this, email us or call Corporate Armor at 877-449-0458. With brands like Fortinet, Sophos, Check Point, Palo Alto and more, we have many weapons for your war against the IT threatscape, and we are ready and able to help! Thanks for reading!