Russia has been blamed for a number of cyberattacks targeting Ukraine’s government and banking system in recent weeks.
On Thursday, cybersecurity firm ESET said it had discovered new “wiper” malware targeting Ukrainian organizations. Such software aims to erase data from the systems it targets.
A day earlier, the websites of several Ukrainian government departments and banks were knocked offline by a distributed denial of service (DDoS) attack, which is when hackers overwhelm a website with traffic until it crashes.
It comes after a separate attack last week took down four Ukrainian government websites, which U.S. and U.K. officials attributed to the GRU, the Russian military intelligence agency.
Ukrainian residents also reportedly received fake text messages saying ATMs in the country did not work, which cybersecurity experts say was likely a scare tactic.
For its part, Russia says it “has never conducted and does not conduct any ‘malicious’ operations in cyberspace.”
Officials in both the U.S. and Britain are warning businesses to be alert to suspicious activity from Russia on their networks. Meanwhile, Estonian Prime Minister Kaja Kallas on Thursday said European nations should be “aware of the cybersecurity situation in their countries.”
NBC News reported Thursday that President Joe Biden has been presented with options for the U.S. to carry out cyberattacks on Russia to disrupt internet connectivity and shut off its electricity. A White House spokesperson pushed back on the report, however, saying it was “wildly off base.”
Nevertheless, cybersecurity researchers say an online conflict between Russia and the West is indeed a possibility — though the severity of any such event may be limited.
“I think it’s very possible, but I think it’s also important that we reflect on the reality of cyberwar,” John Hultquist, vice president of intelligence analysis at Mandiant, told CNBC.
“It’s easy to hear that term and compare it to real war. But the reality is, most of the cyberattacks we’ve seen have been nonviolent, and largely reversible.”
‘Spillover’
Toby Lewis, head of threat analysis at Darktrace, said the attacks have so far been largely focused on supporting Russia’s physical invasion of Ukraine.
“It is the physical land and territory that Russia appears to seek rather than economic leverage, for which a cyber-first campaign may be more effective,” he told CNBC.
However, researchers at Symantec said the wiper malware detected in Ukraine also affected Ukrainian government contractors in Latvia and Lithuania, hinting at a potential “spillover” of Russia’s cyberwarfare tactics into other countries.
“This likely shows the beginning of the collateral impact of this cyber-conflict on global supply chains, and there may begin to be some effect on other Western countries that rely on some of the same contractors and service providers,” Lewis said.
Several European Union countries, including Lithuania, Croatia and Poland, are offering Ukraine support with the launch of a cyber rapid-response team.
“We have long theorized that cyberattacks are going to be part of any nation-state’s arsenal and I think what we’re witnessing for the first time frankly in human history is cyberattacks have become the weapon of first strike,” Hitesh Sheth, CEO of Vectra AI, told CNBC’s “Squawk Box Asia” on Friday.
Sheth suggested Russia could launch retaliatory cyberattacks in response to Western sanctions announced earlier this week.
“I would fully expect that, given what we are witnessing with Russia overtly attacking Ukraine with cyberattacks, that they would have covert channels as a way to attack institutions that are being deployed to curtail them in the financial community,” he said.
What happens next?
Russia has long been accused by governments and cybersecurity researchers of perpetrating cyberattacks and misinformation campaigns in an effort to disrupt economies and undermine democracy.
Now, experts say Russia could launch more sophisticated forms of cyberattacks, targeting Ukraine, and possibly other countries, too.
In 2017, an infamous piece of malware known as NotPetya infected computers across the world. It initially targeted Ukrainian organizations but soon spread globally, affecting major corporations such as Maersk, WPP and Merck. The attacks were blamed on Sandworm, the hacking unit of the GRU, and caused upward of $10 billion in total damage.
“If they actually focus these types of activity against the West, that could have very real economic consequences,” Hultquist told CNBC.
“The other piece that we’re concerned about is that they go after critical infrastructure.”
Russia has been digging at infrastructure in Western countries like the U.S., U.K. and Germany “for a very long time,” and has been “caught in the act” multiple times, Hultquist said.
“The concern, though, is we’ve never seen them pull the trigger,” Hultquist added. “The thinking has always been that they were preparing for contingency.”
“The question now is, is this the contingency that they have been preparing for? Is this the threshold that they’ve been waiting for to start carrying out disruptions? We’re obviously concerned that this could be it.”
Last year, Colonial Pipeline, a U.S. oil pipeline system, was hit by a ransomware attack that took critical energy infrastructure offline. The Biden administration says it doesn’t believe Moscow was behind the attack. DarkSide, the hacking group responsible, was believed to have been based in Russia.