Cyberattacks on Ukraine could spill over to other countries


Cyberattacks intended to destroy computers at Ukrainian organizations in recent weeks may soon create problems for companies in other countries, according to two U.S. agencies.

Fears of major Russia-based cyberattacks on the United States and its allies related to the Russian invasion of Ukraine haven’t yet been realized. Still, the FBI and the Cybersecurity and Infrastructure Security Agency are warning U.S. companies about two cyberattack campaigns targeting Ukrainian organizations.

“Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries,” the two agencies wrote in an advisory published on Feb. 26. “Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.”

Security researchers have seen two major cyberattack campaigns against Ukraine. In mid-January, the Microsoft Threat Intelligence Center pointed to attacks using malware called WhisperGate. This malware, often disguised as ransomware, is instead used to render targeted computers inoperable.

In late February, security researchers pointed to attacks using malware called HermeticWiper, which creates boot failures on Windows-based computers, making them inoperable.

The CISA and FBI alert advises organizations to take several steps to protect themselves, including proper network segmentation, multifactor authentication of users, and monitoring failed login attempts and file-sharing access.

Given recent U.S. sanctions on Russia, companies in the country should continue to be vigilant, said John Dickson, vice president at Coalfire, a cloud security company. Cyberattacks from Russian groups are “a logical response” given economic sanctions from the U.S. and other countries, he told the Washington Examiner.

“Russia’s escalation has made the prospect of some sort of cyberwar more tangible,” he said. “Cyberattacks are simply too attractive to pass up given our inability to attribute them to a source.”

In talking with several company security executives, Dickson found many of them increasing monitoring of critical systems and standing up incident response teams, he said, adding, “There’s a feeling this is about to get real for security teams.”

In addition to the wiper attacks already happening, U.S. organizations should be prepared for ransomware and denial-of-service attacks, Dickson added.

In some cases, attacks may come from Russia-based hacking groups not directly connected to the government there, added Will Carlson, senior director of content at Cybrary, a cybersecurity training provider.

“Intel continues to support that Russia leverages threat actor groups within their country not directly controlled by their government,” he told the Washington Examiner. “The typical arrangement they have appears to be, ‘Don’t hack us, and you’re free to operate.’”

While the wiper attacks may not target U.S. companies, Carlson added that security teams should be on the lookout for other attacks from Russian groups.

“As global tensions increase, U.S. organizations should be increasingly concerned that they may be targeted for our country’s stance against Russia,” he said. “Although they may not see the malware variants found deployed inside Ukraine, they could see increased attacks from threat actors associated with Russia and their allies.”

He added that many other hacking groups might look to take advantage of the Ukraine crisis: “Most threat actor groups globally are opportunistic. They will take advantage of any crisis they can.”

While U.S. agencies are warning companies of future attacks, Russian hacking groups have likely already laid the groundwork, added Joel Burleson-Davis, chief technical officer of cybersecurity company SecureLink. In many cases, hackers gain access to targeted systems months before initiating a major attack, he told the Washington Examiner.

“Russia has a very sophisticated cyber-warfare arsenal, which they’ve likely already discreetly deployed as dormant infiltrations,” he added. “In retaliation to U.S.-imposed sanctions, it’s highly possible that Russia will drop all subtleties and coordinate attacks across institutions to shut down our systems and ultimately damage the economy.”
