The ongoing situation in Ukraine means organisations around the world should be prepared to defend their networks against cyberattacks originating from Russia – although the potential impact of aggressive cyber activity shouldn’t be overestimated.
“Concerns are reasonable and valid; Russia has a well-established history of aggressively using their considerable cyber capabilities in Ukraine and abroad,” said Sandra Joyce, executive vice president of global intelligence at cybersecurity company Mandiant, which regularly tracks hostile Russian cyber activity.
Russia is suspected of being behind offensive cyber campaigns against other countries, including cyberattacks against Georgia, as well as attacks that took down Ukrainian power grids in December 2015.
NotPetya was designed to target organisations in the Ukrainian financial, energy and government sectors, but powered by EternalBlue – a leaked NSA hacking tool – the self-replicating virus quickly spread to organisations around the world.
It wiped networks and caused damage estimated at billions of dollars, as victims across Europe, Asia and the Americas were hit by a cyberattack that wasn’t directly aimed at them. Mandiant warned that this type of incident could potentially happen again.
“We are concerned that, as the situation escalates, serious cyber events will not merely affect Ukraine,” said Joyce.
“But while we are warning our customers to prepare themselves and their operations, we are confident that we can weather these cyberattacks. We should prepare, but not panic because our perceptions are also the target,” she added.
Organisations that fell victim to NotPetya did so because they hadn’t yet applied critical security updates, which were released months before and were designed to protect networks against EternalBlue.
Meanwhile, cyber criminals and nation state-backed hackers continue to take advantage of security issues like the vulnerabilities in Microsoft Exchange, which received critical security updates last year but, in many cases, still haven’t been applied by businesses or consumers.
Applying security patches in a timely manner can go a long way to protecting networks and infrastructure against intrusions.
“We are imploring our customers and community to prepare for disruptive and destructive attacks, similar to those that have recently transpired in Ukraine,” said Joyce.
“Many of the same steps defenders might take to harden their networks against ransomware crime will serve to prepare them from a determined state actor – if they take them now.”
Mandiant also warned that part of the strategy behind offensive cyber activity is designed to create worry and uncertainty. By ensuring that networks are as well-defended against attacks as possible, the damage done by attacks can be minimised, avoiding the panic that adversaries hope to generate.
“Cyberattacks can be costly for individual organisations and may even seem frightening to some, but their real target is our perceptions. The purpose of these cyberattacks is not simply to wipe hard drives or turn out the lights, but to frighten those who cannot help but notice,” said Joyce.
“The audience of these attacks is broad, but it is also empowered to determine how effective they are. While these incidents can be quite serious for many, we must remain mindful of their limitations. We only do the adversary a service by overestimating their reach.”
Mandiant’s warning follows a similar warning from the UK’s National Cyber Security Centre in January, which urged organisations to take action to bolster their cyber resilience as a result of the ongoing tensions around Russia and Ukraine.
In recent weeks, Ukraine has faced DDoS attacks affecting government services as well as banks, while government websites have been defaced. Nobody has yet explicitly claimed responsibility for the attacks.