SecureMac, Inc.

How cyberwarfare in Ukraine could affect other countries

February 14, 2022

How might cyberwarfare in Ukraine play out? Could it impact the rest of the world? And how can “cyber-civilians” stay safe?

Tensions between Russia and Ukraine are high, and many political observers believe that a Russian invasion of Ukraine is imminent. If that happens, Russia would almost certainly use its formidable cyberwarfare capabilities as part of its overall military strategy. 

But could cyberwarfare in Ukraine have effects elsewhere? U.S. government officials think that it’s possible — and are warning organizations in the United States to get ready.

What would cyberwarfare in Ukraine look like?

Russia has some of the most sophisticated cyberwarfare capabilities in the world — and has been using them in Ukraine for years. It’s possible that Russia already has some level of access to Ukrainian networks as a result of past incursions.

If war breaks out, Russia could launch cyberattacks against Ukrainian critical infrastructure (CI), potentially shutting off electricity and heating. In addition, Russia could disrupt cellular and communications networks in an attempt to interfere with military command and control.

Beyond CI attacks, Russia might also go after Ukrainian financial institutions, interfering with the average person’s ability to access their money, and thus putting pressure on the country’s economy. 

Russia is also well known for its online disinformation capabilities: a “softer” form of cyberwarfare, but one that can still have serious consequences. In a war, these capabilities could be used to sow confusion and undermine morale.

Would cyberwarfare in Ukraine spread to other countries?

Russia is expected to target Ukraine for cyberattacks if there is a war. But would it target other countries as well?

The U.S. Department of Homeland Security (DHS) considers direct cyberattacks on CI facilities in the United States to be a possibility, but believes that such attacks would only be launched if Moscow perceived a threat to its “long-term national security,” according to a recent DHS security bulletin.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), for its part, has just released an advisory warning of “the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine”. In the advisory, CISA offers preventive security measures that it recommends for “all organizations … regardless of size”.

In the European Union, financial regulators are raising concerns about a possible Russian cyberattack on the banking sector. Reuters reports that “the European Central Bank (ECB) … is on alert for the threat of cyber attacks on banks launched from Russia” and that “the ECB has questioned banks about their defenses”.

In short, direct cyberattacks outside of Ukraine are possible, but they are by no means expected. However, even if Russia limited its cyberwarfare activities to Ukraine, that still might not be a guarantee of safety for the rest of the world …

Cyberwarfare and collateral damage

A few weeks ago, Microsoft discovered a destructive form of malware targeting organizations in Ukraine. The malware was made to look like ransomware, but its true purpose was to render infected systems inoperable. Microsoft stopped short of naming Russia in its public report, but made reference to “ongoing geopolitical events in Ukraine” and classified the attack as “nation-state actor activity”.

If this malware sounds familiar, it’s because it bears a distinct similarity to NotPetya, a malware variant used in a 2017 cyberattack that began in Ukraine. Widely attributed to the Russian military, NotPetya was also engineered to look like ransomware, but was in fact “wiper” malware that effectively erased infected systems. 

NotPetya was initially deployed against targets in Ukraine only, but the malware spread so efficiently that it ended up infecting systems all across the globe. All told, NotPetya caused an estimated $10 billion in damages worldwide. 

Interestingly, it’s not clear that this was the intent of the group that unleashed NotPetya. Some security experts believe that all of those destroyed systems outside of Ukraine were, in effect, just collateral damage. This is one of the dangers of powerful cyberweapons: They’re difficult to contain, and they can spread rapidly and unpredictably.

In short, depending on what kind of cyberweapons are used, cyberwarfare in Ukraine might well spread beyond that country’s borders — even if the Russian military isn’t actively targeting other countries!

What can I do to stay safe?

Cyberwarfare is fought at a nation-state level, both offensively and defensively. However, there are a few things that “cyber-civilians” can do to protect themselves:

  1. Stay informed

    If there’s a major cybersecurity incident, you’ll want to know about it as soon as possible. In the United States, CISA has a Twitter feed that provides timely updates and alerts. In the UK, the National Cyber Security Centre offers a similar service. Both accounts are good sources of current security information. Local governments also have alert systems that allow you to sign up to receive SMS notifications in an emergency. To find one in your city, county, or state, just do a quick web search for “[area name] alert system”.

  2. Update everything

    We don’t want to sound alarmist here, so let’s be clear: It’s fairly unlikely that an average computer user is going to run into a nation-state hacking threat, no matter what else is happening in the world. However, “unlikely” isn’t the same as “impossible”, and it’s always better to be safe than sorry. So make sure you update all of your apps and OSes to patch any existing security vulnerabilities. For Apple users, now is an excellent time to do this: On February 10, Apple released security updates that patch a serious WebKit vulnerability affecting macOS, iOS/iPadOS, and watchOS.

  3. Be prepared

    If an incident like NotPetya occurs again, there may be disruptions and outages at companies around the world. It’s pretty much impossible to predict which organizations would be affected. NotPetya impacted everyone from shipping giants and ad agencies to law firms and healthcare providers — and even one unlucky chocolate factory! Be ready for delays, and plan ahead in case something goes down. If you have an important deadline or payment coming up, or if you’ve been meaning to grab some information or download some documents from an online account, you might want to go ahead and take care of that sooner rather than later!
