As the U.S. and other nations announce sanctions against Russia amidst the crisis in Ukraine, this week we examine concerns over retaliatory cyberattacks.

Cyberattack Concerns Mount in the West as Russia Invades Ukraine

Micah Hanks·

cyberattack

Welcome to this week’s edition of The Intelligence Brief… as the United States and other nations have now announced sanctions against Russia as the crisis in Ukraine continues to develop, this week we’ll be turning our attention toward the concern over retaliatory cyberattack attempts being raised by security experts. Items we’ll be looking at include 1) the emerging threat of new cyberattacks, 2) the current level of preparedness by the U.S. and other western nations against such threats, and 3) what the NSA, the FBI, and CISA recently had to say about Russia’s efforts to compromise U.S. data security.

Quote of the Week

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”

– Bruce Schneier

Before we get into our analysis for this go around, a few stories we’re covering this week at The Debrief include the story of an engineering student from the Philippines who has created a solar panel that doesn’t require direct sunlight to generate power. We also have a report on why the Olympics teams are employing a new AI system could help prevent doping. Meanwhile, Avi Loeb also presents us with a lesson in “Cosmic Stoicism” where he recounts a recent exchange with former U.S. Secretary of State Henry Kissinger about extraterrestrial life.

Also be sure to check out what’s happening over on The Debrief’s YouTube channel for video news, interviews, and much more. We’ll also have a complete listing of all our latest stories at the end of this newsletter… and with that all behind us, it’s time to take a look at why security experts are concerned about the days ahead, and how Russia could respond to the recent series of sanctions imposed against it by the West.

 

As Invasion Ensues, Concerns Over Cyber Threats Emerge

“Yesterday Vladimir Putin recognized two regions of Ukraine as independent states,” said U.S. President Joe Biden during a press conference on Tuesday. “To put it simply,” Biden said, “Russia just announced that it is carving out a big chunk of Ukraine.”

“This is the beginning of a Russian invasion of Ukraine,” Biden added, “so I’m going to begin to impose sanctions in response far beyond the steps we and our allies and partners implemented in 2014. And if Russia goes further with this invasion we stand prepared to go further as with sanctions.”

Biden’s announcement followed the issuance of similar sanctions against Russia by the United Kingdom earlier on Tuesday, with Canada also imposing sanctions against the country as the current crisis in Ukraine worsens.

Then, early Thursday morning local time, Putin carried forward with military actions into Ukraine, which Biden called an “unprovoked and unjustified attack by Russian military forces.” Putin claimed he ordered the attack to “demilitarize and de-Nazify Ukraine,” expressing his intent on bringing its leaders to trial. Meanwhile, Ukraine called the attack a “full scale invasion,” with NATO’s secretary-general characterizing the operation as a “brutal act of war.”

With the events of Thursday, the worst that many feared was yet to come appears to have finally arrived.

Yet even beyond the battleground that has now become Ukraine, concerns were being issued earlier in the week coinciding with news of the well-justified sanctions being issued by western nations, as many are also now worried about renewed threats from retaliatory cyberattacks by Russia that could extend well beyond the heart of the conflict, potentially affecting populations in other countries around the world.

“Financial institutions in Western countries may see retaliatory cyber attacks from Russian-based threat groups after Canada, the U.S. and U.K. announced sanctions against Russian banks following that country’s recognition of two breakaway regions of Ukraine,” wrote Howard Solomon reporting for IT World Canada.

cyberattack

A statement issued Tuesday by Britain’s National Cyber Security Centre (NCSC) also warned that Britain and its allies must be prepared for the potential of such cyberattacks in the days ahead.

“While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine,” the statement read, “there has been an historical pattern of cyber attacks on Ukraine with international consequences.”

Although there may be no “current specific threats,” events of recent days have already shown the need for readiness in the event of any potential cyberattacks, particularly as Ukraine and other countries like Canada have been recipients of such attacks.

 

Are We Prepared? Cyberthreats at Home and Abroad

In recent days, a cyberattack temporarily affected several Ukrainian government websites, as well as those of Ukrainian financial institutions, following a series of distributed denial of service (DDoS) attacks. Following the incident, officials in both the U.S. and Britain blamed Russian military hackers for the attacks. (UPDATE: As of early Thursday morning local time on February 24, 2022, CNN reported that the websites of several Ukrainian government agencies, including the Ukrainian Cabinet of Ministers and the ministries of foreign affairs, infrastructure, education, and other agencies were reportedly “experiencing disruptions” suspected of being related to cyberattacks).

The Ukrainian government attack was only one of several similar incidents that have occurred since the beginning of 2022. According to a timeline of significant cyberattack events at the website of the Center for Strategic and International Studies, last month a similar cyberattack against the Ukrainian government resulted in damage to “dozens of computers in government agencies” after 90 websites were targeted.

Also in January 2022, the Canadian Foreign Ministry’s website was breached within 24 hours of the Canadian government issuing a warning to “bolster network security in anticipation of Russia-based cyberattacks on critical infrastructure.” Within days of the Canadian cyberattack, hackers also breached systems with the International Committee of the Red Cross, which allowed them to access data “on more than 500,000 people and disrupting their services around the world.”

This may be just the tip of the iceberg too, as Reuters reported on Tuesday that “Ukrainian authorities said they had seen online warnings that hackers were preparing to launch major attacks on government agencies, banks and the defence sector,” adding further concerns to the quickly escalating situation.

With rising concerns over Russian cyberattacks abroad in response to the sanctions issued this week, many are concerned about future incidents that could impact government and industry in the U.S. as well; but are we prepared for such attacks?

“President Biden has made cybersecurity, a critical element of the Department of Homeland Security’s (DHS) mission, a top priority for the Biden-Harris Administration at all levels of government,” reads a Department of Homeland Security (DHS) statement.

“To advance the President’s commitment,” the statement continues, “and to reflect that enhancing the nation’s cybersecurity resilience is a top priority for DHS, Secretary [Alejandro] Mayorkas issued a call for action dedicated to cybersecurity in his first month in office,” which included detailing plans focused on addressing future threats from ransomware attacks.

Alejandro Mayorkas (Public Domain).

“The first sprint will focus on the fight against ransomware, a particularly egregious type of malicious cyber activity that usually does not discriminate whom it targets,” Mayorkas said in a statement. “It is malicious code that infects and paralyzes computer systems until a ransom has been paid. Individuals, companies, schools, even hospitals and other critical infrastructure have been among the victims.”

“Let me be clear,” Mayorkas added, “ransomware now poses a national security threat.”

 

Sounding the Cyber Alarm

That threat is all too real, as was made evident in an alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) on February 16. According to the alert, jointly published by CISA along with the NSA and FBI, between January 2020 and February 2022 all three agencies said they had “observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors.”

“The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources,” the alert states, noting that contractors vital to command, control, communications, and combat systems, as well as surveillance and intelligence gathering, and even weaponry systems and development have all been targeted.

“By acquiring proprietary internal documents and email communications,” the alert states, “adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment.”

As the developing situation in Ukraine illustrates, the 21st-century battlefield is no longer a localized consideration in the traditional sense of warfare; it is one where nations around the world can all be affected from afar, and the impact extends not just to militaries, but potentially to every one of us.

“It’s not just Russian tanks and missiles that threaten Ukraine and the Western alliance. Its Russian cyberattacks,” read a statement at the website of The Center for European Policy Analysis (CEPA) this week. “Western democracies need to react against this danger with a common approach to tech regulation.”

Writing that there is “considerable room for improvement in the way the US and the EU handle cybersecurity,” Toomas Hendrik and Roland Freudenstein argue that the United States and its European partners “must seek common ground, placing security and defense of democracy at the center of our efforts,” also calling for renewed partnerships between public and private components within the digital domain.

“The real Bad Guys… are not US Big Tech companies,” they added. “It is the axis of authoritarians, led by Russia under Vladimir Putin and China under Xi Jinping.”

“Democracies need to shape up against them.”

That wraps up this week’s installment of The Intelligence Brief. You can read past editions of The Intelligence Brief at our website, or if you found this installment online, don’t forget to subscribe and get future email editions from us here. Also, if you have a tip or other information you’d like to send along directly to me, you can email me at micah [@] thedebrief [dot] org, or Tweet at me @MicahHanks.

Here are the top stories we’re covering right now…