Rhetoric from leaders around the world has signaled that it is no longer a question of if Russia will invade Ukraine, but when and how. Geopolitical tensions are palpably high, which has introduced the potential for a longtime cold war between the U.S. and Russia (and their respective allies) to turn hot.
But a hot war is not what it used to be, and conventional warfare tactics used in World War II, Korea, and Vietnam are a thing of the past. The landscape of conflict today features not only active physical combatants but also companies in sectors such as energy, supply, healthcare, transportation and banking, which it places in digital crosshairs.
Several trends converge to make this possible. The interconnectedness of the global economy, widespread access to the internet, expanding attack surfaces, and ubiquitous dependencies on the digital sphere have produced a combination of cyberwar tactics. Strategically used alongside more traditional kinetic warfare to achieve a multiplicity of ends, these new modalities of conflict have been described as “hybrid warfare.”
Recently, in a speech addressing the Russia-Ukraine conflict, President Joe Biden said that the U.S. is prepared to respond to “disruptive cyberattacks against our companies or critical infrastructure.”
As the likelihood of a Russian invasion grows and the situation becomes increasingly hostile among adversaries, public and private sectors across the globe, specifically in the U.S. and Europe, should be on high alert for a wave of cyberattacks.
Russian Cyber Capabilities and Targets
Based on historical threats related to this specific geopolitical conflict and geopolitical or social crises in general, there is an expectation that, in addition to the potential for physical conflict at the Ukrainian border, there will be cyberattacks against private sector companies and critical infrastructure providers outside Ukraine — namely targeted at the U.S., Europe, and other western allies. This week, a series of cyberattacks took the websites of the Ukrainian army, the defense ministry, and major banks offline. At least 10 Ukrainian websites were unreachable due to the attacks, including the defense, foreign and culture ministries and Ukraine’s two largest state banks.
In recent years, state actors have become increasingly bold in tapping into cyber threat actors to conduct attacks with the goal of disrupting an enemy and damaging their economy. For example, we have seen Moscow make use of hacking groups such as Armageddon, which is linked to Russia’s Federal Security Service (FSB), to perform cyberattacks.
This would not be the first instance, as cyberwarfare tactics have been combined with more traditional kinetic warfare throughout previous conflicts in the region.
In recent weeks, hackers have defaced more than 70 Ukrainian government websites, Microsoft Threat Intelligence Center identified evidence of a destructive malware operation targeting multiple organizations in Ukraine, and Ukraine was hit with a massive cyberattack, affecting the websites of the foreign ministry, education ministry, ministry of agriculture, energy, and sports, as well as the state emergency service — with Ukrainian officials pointing to Russia and Belarus as culprits behind the intrusion.
Russia may seek to project its force beyond Ukraine, not only in Europe but also in the U.S. and the West, as a response to retaliatory sanctions and measures following an invasion. Although this encroachment may only be seen as a threat to Eastern Europe when viewed through the lens of conventional warfare, the responses of nations like the U.S. and NATO allies could result in cyberattacks as a means of inter- and intracontinental warfare. And as we’ve seen countless times, targets are not limited to the public sector. In the new model of hybrid warfare, private companies are no longer collateral at the periphery of the conflict, but rather a strategic target through which economic disruption can be achieved.
In a recent piece, Daniel Lohrmann, an internationally recognized cybersecurity leader and technologist, noted that “many experts think that we may be in a global holding pattern until after the Winter Olympics in China. But it is clear that public- and private-sector organizations need to be on alert and ready should more global cyberattacks be launched (in whatever capacity) as a part of the situation in Ukraine at any time.”
Nations Have Begun Cyber Preparations
As the Russia-Ukraine crisis escalates, countries around the world have taken notice and begun preparations. Proactive measures and warnings have come from the highest levels of governments, indicating that the threat of cyberwarfare is imminent.
- The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency put out a joint advisory in January entitled, “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.” CISA also warned U.S. companies to protect their IT systems against destructive wiper malware, which has been used against targets in Ukraine.
- The New York Department of Financial Services issued an alert to financial institutions in late January, warning of retaliatory cyberattacks should Russia invade Ukraine and trigger U.S. sanctions.
- Britain’s National Cyber Security Centre warned large organizations to bolster their cybersecurity resilience amid the deepening tensions over Ukraine by patching systems, enabling multifactor authentication, and backing up data, among other steps.
- Mark Branson, head of the German Federal Financial Supervisory Authority (BaFin), told an online conference that cyberwarfare was interconnected with geopolitics and security.
- Poland recently raised its nationwide cybersecurity terror threat level in the wake of a cyberattack on Ukraine last week, adding that the new alert level was preventative.
- The European Central Bank is preparing banks for a possible state-sponsored cyberattack as tensions with Ukraine mount.
It is firmly established throughout the cybersecurity industry that crises, uncertainty, and volatility drive cyberattacks — just look at the increase in cybercrime, breaches, and ransomware attacks during the COVID-19 pandemic.
These warnings must not be taken lightly and should resonate with organizations worldwide. Proactive defensive cybersecurity actions, including ensuring that your company has advanced monitoring, threat detection, and response capabilities in place, must be taken to prevent companies, executives and employees from paying the price of global hybrid warfare.