About a week before Russian troops invaded Ukrainian territory, the first Russian cyberattack of this war was launched: some 70 Ukrainian government sites were targeted, among them the National Security and Defense Council.
The hacked sites displayed a threatening message in Russian, Ukrainian and Polish: “Ukrainians! All your private information has been uploaded to the public network. All the data in your computers has been destroyed – it’s impossible to retrieve it. All your data has become public – fear and expect the worst. This is your past, present and future.”
According to the Israeli cybersecurity company Check Point, as of Sunday, the number of attacks against government and military sites in Ukraine since the start of the fighting last week has risen 196 percent. In addition, the number of email phishing attacks has jumped by a factor of seven in countries that speak Eastern Slavic languages (Russian, Ukrainian and Belarusian).
Though the attacks have not yet caused major damage, experts in the cybersecurity world know very well what Russian capabilities are: In June 2017, the Ukrainian government announced that a virus had penetrated ministry computers and caused them to stop working. All the signs pointed to Russia. Besides ministries, the virus, which was called Petya, was used to attack the postal service, the system for monitoring radiation at Chernobyl, banks and the country’s largest telephone company.
In the days following the Russian invasion, another virus, dubbed NotPetya by experts, caused huge damage in Europe and the United States. According to several reports, Israeli companies were also targeted. The Ukrainians claimed it was also a Russian attack, but the Russians categorically denied any connection to it.
“Right now, there is a great deal of concern, bordering on panic. Cybersecurity officers know what happened in 2017 and they're worried it will happen again,” says David Warshavski, vice president for enterprise security at the Israeli cyber research group Sygnia, which provides consulting services for victims of hackings.
He says the panic isn’t justified. “I think we need to ratchet down the anxiety. We don’t have the same kind of threat we had in 2017, and I don’t think we’ll face the same kind of situation. Today, the industry is more advanced, and attackers like these can’t penetrate systems and do the same kind of damage.”
By contrast, Lior Simon, an investor and partner in the Cyberstarts fund, believes the danger is real. “The risk of an all-out cyberwar is entirely possible. The fear exists and is growing,” he says. “Those who need to worry are mainly companies who operate at the sensitive nexus of business and government, like airlines and banks.”
Simon says that small and medium-sized businesses that work with state-owned enterprises are also likely targets for attacks aimed at causing indirect harm to sensitive bodies.
“Many security managers that we have been in touch with have suspended projects they were working on in order to see what they need to do immediately and get services that will help protect them against future attacks,” he says. “They need to be sure that every part of the organization is secure and it’s still too early to assess the impact of the current fighting.”
Ido Naor, the CEO of Security Joes, a Tel Aviv firm that specializes in helping clients cope with cyberattacks, says demand for cybersecurity has soared: “Since Friday, we’ve been getting requests for help from banks, big insurance companies and other organizations in Europe,” he says.
“Most of the requests we’ve gotten are for help in strengthening defenses and preventing attacks. Everyone has boosted the threat level to maximum because Europe has joined the campaign [against Russia]. They are operating under the assumption that they will be targeted by Russian groups.”
He says that conversations with his biggest clients have in many cases gone on for months due to corporate bureaucracy, but last week they began cutting through the red tape and expediting their dealings because of the situation.
Elad Menahem, director of security at Israel’s Cato Networks, also says demand has soared. “Cyberwars like these increase the need for protection in medium-sized and big organizations and also boost demand for ‘cyber insurance’, which makes transitions far more expensive than they were three or four years ago,” says Menahem.
“There’s also been a jump in demand for consulting and analysis services as well as for new products and tools. For example, a company bought one of our products and due to the situation asked that we add to it an additional existing feature whose competitor in the market is a physical device,” he says, explaining how demand has increased.
Ukrainian Vice Prime Minister Mykhailo Fedorov has in recent days called on hackers from all over the world to join his country’s struggle by attacking Russian targets. The Ukrainians have set up Telegraph groups that offer a bank of Russian targets and list tasks that the digital resistance needs to complete. The potential targets include government sites and companies with strong links to the Russian government, for example, the energy company Gazprom.
“We’re seeing a lot of spontaneous organizing. If the physical war requires a lot of resources, today anyone with a laptop can join a cyberwar. Criminal groups are popping up all over and this is a big threat to organizations,” says Menahem.
He said the resulting threats are less severe, as they are mostly attacks on websites, but the challenge is growing: the attacks are broader, indiscriminate and much less targeted, so defenses now need to be broad, too.
Menahem also detects panic in the market, but he has a reassuring message: “There is fruitful collaboration underway between different cyber intelligence agencies, which publish information on Russian groups and information on attacks.” This real-time cooperation helps to block attacks immediately, which significantly reduces the risk that a hack will cause major damage.
The Russian hacker group Conti, best known for the ransomware attacks it has staged since 2019, has been the agencies’ main focus, as it serves as an umbrella for different Russian cyber gangs. The group uploaded a post on its blog announcing it was joining the cyberwar and would attack Western targets.
“The assumption in the cyber world is that hacker groups are using the situation as an excuse – at the end of the day what they want is mainly money,” says Sygnia’s Warshavski. Conti has been operating for years, he notes, and is simply leveraging the crisis to justify its activities.