As Russia steps up its cyber attacks on Ukraine alongside a military invasion, governments on both sides of the Atlantic are worried the situation could spill over into other countries, becoming an all-out cyber war.
Russia has been blamed for a number of cyber attacks targeting Ukraine’s government and banking system in recent weeks, although Moscow has denied any involvement.
On Thursday, cybersecurity firm ESET said it had discovered new “wiper” malware targeting Ukrainian organizations. Such software aims to erase data from the systems it targets.
A day earlier, the websites of several Ukrainian government departments and banks were knocked offline by a distributed denial of service (DDoS) attack, which is when hackers overwhelm a website with traffic until it crashes.
It comes after a separate attack last week took down four Ukrainian government websites, which U.S. and U.K. officials attributed to GRU, the Russian military intelligence agency.
Ukrainian residents also reportedly received fake text messages saying ATMs in the country did not work, which cybersecurity experts say was likely a scare tactic.
The onslaught of attacks has led to fears of a wider digital conflict, with Western governments bracing for cyber threats from Russia — and considering how to respond.
Officials in both the U.S. and Britain are warning businesses to be alert to suspicious activity from Russia on their networks. Meanwhile, Estonian Prime Minister Kaja Kallas on Thursday said European nations should be “aware of the cybersecurity situation in their countries.”
NBC News reported Thursday that President Joe Biden has been presented with options for the U.S. to carry out cyberattacks on Russia to disrupt internet connectivity and shut off its electricity. A White House spokesperson pushed back on the report, however, saying it was “wildly off base.”
Nevertheless, cybersecurity researchers say an online conflict between Russia and the West is indeed a possibility — though the severity of any such event may be limited.
“I think it’s very possible, but I think it’s also important that we reflect on the reality of cyber war,” John Hultquist, vice president of intelligence analysis at Mandiant, told CNBC.
“It’s easy to hear that term and compare it to real war. But the reality is, most of the cyber attacks we’ve seen have been non-violent, and largely reversible.”
‘Spillover’
Toby Lewis, head of threat analysis at Darktrace, said the attacks have so far been largely focused on supporting Russia’s physical invasion of Ukraine.
“It is the physical land and territory that Russia appears to seek rather than economic leverage, for which a cyber-first campaign may be more effective,” he told CNBC.
However, researchers at Symantec said the wiper malware detected in Ukraine also affected Ukrainian government contractors in Latvia and Lithuania, hinting at a potential “spillover” of Russia’s cyber warfare tactics into other countries.
“This likely shows the beginning of the collateral impact of this cyber-conflict on global supply chains, and there may begin to be some effect on other Western countries that rely on some of the same contractors and service providers,” Lewis said.
Several European Union countries, including Lithuania, Croatia and Poland, are offering Ukraine support with the launch of a cyber rapid-response team.
“We have long theorized that cyber attacks are going to be part of any nation state’s arsenal and I think what we’re witnessing for the first time frankly in human history is cyber attacks have become the weapon of first strike,” Hitesh Sheth, CEO of Vectra AI, told CNBC’s “Squawk Box Asia” Friday.
Sheth suggested Russia could launch retaliatory cyber attacks in response to Western sanctions announced earlier this week.
“I would fully expect that, given what we are witnessing with Russia overtly attacking Ukraine with cyber attacks, that they would have covert channels as a way to attack institutions that are being deployed to curtail them in the financial community,” he said.
What happens next?
Russia has long been accused by governments and cybersecurity researchers of perpetrating cyber attacks and misinformation campaigns in an effort to disrupt economies and undermine democracy.
Now, experts say that Russia could launch more sophisticated forms of cyber attacks, targeting Ukraine, and possibly other countries too.
In 2017, an infamous malware known as NotPetya infected computers across the world. It initially targeted Ukrainian organizations but soon spread globally, affecting major corporations such as Maersk, WPP and Merck. The attacks were blamed on Sandworm, the hacking unit of GRU, and caused upward of $10 billion in total damage.
“If they actually focus these types of activity against the West, that could have very real economic consequences,” Hultquist told CNBC.
“The other piece that we’re concerned about is that they go after critical infrastructure.”
Russia has been digging at infrastructure in Western countries like the U.S., U.K. and Germany “for a very long time,” and has been “caught in the act” multiple times, Hultquist said.
“The concern, though, is we’ve never seen them pull the trigger,” Hultquist added. “The thinking has always been that they were preparing for contingency.”
“The question now is, is this the contingency that they have been preparing for? Is this the threshold that they’ve been waiting for to start carrying out disruptions? We’re obviously concerned that this could be it.”
Last year, Colonial Pipeline, a U.S. oil pipeline system, was hit by a ransomware attack that took critical energy infrastructure offline. The Biden administration says it doesn’t believe the Russian government was behind the attack, although DarkSide, the hacking group behind it, was believed to have been based in Russia.