Cyber experts warned of increased risk of cyberattacks from Russia, following the latest sanctions announced over Ukraine — which dropped major Russian banks from the SWIFT financial system.
Russian President Vladimir Putin has threatened retaliation against the west for what he perceives as interference in the country’s unprovoked assault on its neighbor Ukraine. And as is well known, both the Russian government itself and affiliated cybercriminal gangs possess significant cyberattack capabilities — and Russia has a history of using them in geopolitical contexts.
Authorities in the U.S. and U.K. blamed Russia for last week’s massive distributed denial-of-service (DDoS) attacks in Ukraine. And fresh DDoS attacks, as well as destructive cyberattacks that involved wiper malware, struck Ukraine on Wednesday just ahead of the invasion.
But thus far, “I’m willing to bet that the Russians haven’t used even a fraction of the bullets in their cyber arsenal,” said Eric Byres, CTO of cyber firm aDolus Technology, in an email.
Today, several large Russian banks were removed from SWIFT in a move coordinated by the U.S. and the European Commission, as well as by the U.K., France, Germany, Italy and Canada.
SWIFT, which stands for Society for Worldwide Interbank Financial Telecommunication, is a messaging system that enables banks to transact with each other internationally. The move essentially prevents the Russian banks from carrying out international transactions, according to reports.
While seen as a necessary step to penalize Putin for his invasion of Ukraine — already responsible for at least hundreds of casualties, including Ukrainian civilians — the move nevertheless raises the likelihood that Putin will respond against the west, including potentially with a wave of cyberattacks. Previously, expelling Russian banks from SWIFT had been characterized by some as the “last resort” and the “nuclear option.”
“Putin/Russia getting completely isolated economically & diplomatically,” wrote Dmitri Alperovitch, cofounder and former CTO of CrowdStrike and a Russian expat, in a tweet today.
“The danger: Putin has very little to lose now. He is cornered. May go all out on economic and cyber retaliation,” wrote Alperovitch, who is now executive chairman at the Silverado Policy Accelerator think tank.
The expulsion from SWIFT is a “significant escalation from the initial sanctions announced on Thursday,” said Rick Holland, CISO at Digital Shadows, in an email.
“The SWIFT removal significantly increases the risks of state-executed or state-encouraged Russian cyberattacks against the West,” Holland said.
Before the announcement, he noted, ransomware groups including Conti and CoomingProject had pledged to aid Russia from a cyber perspective in its efforts over Ukraine.
“If Russia encourages or even incents cybercriminal targeting against Western companies, the threat level increases dramatically,” Holland said. “There is also a risk of a potential escalatory spiral if the U.S. retaliates against these attacks.”
Ultimately, “as the Cybersecurity and Infrastructure Security Agency (CISA) says, we need ‘Shields Up’ right now — because the cyber threat level for the financial and energy sectors, in particular, is perhaps the highest it has been in years,” he said.
In the past, many in the west have assumed that Putin would stop short of unleashing the full brunt of his cyber capabilities on the west over Ukraine.
“I originally believed that Putin was a rational actor that wouldn’t want to launch major cyberattacks in the U.S., as that would provoke similar attacks in response,” Byres said. “After all, his goal was to subdue Ukraine, not the U.S.”
However, “after reading the full translation of his speech on Tuesday, reviewing the commentary from a number of Russian political analysts and talking to cyber analysts looking at known intrusions in the U.S., I’m not so sure anymore,” Byres said. “I worry that Putin believes he is bulletproof and the U.S. is weak.”
Putin has made it clear that the entire Western world is his enemy and all options are on the table, according to Byres.
Ukraine’s ‘IT army’
Meanwhile, cyber efforts in Ukraine itself appeared to advance further on Saturday. Mykhailo Fedorov, Ukraine’s vice prime minister, announced on Twitter, “We are creating an IT army.”
“We need digital talents,” wrote Fedorov, who also holds the title of minister of digital transformation — sharing a link to a Telegram channel where he said operational tasks will be distributed. “We continue to fight on the cyber front.”
Anonymous is the most visible group to pledge a cyber offensive against Russia on behalf of Ukraine, but some of the most sophisticated hacker groups are known to avoid attention as much as possible — including some that are believed to be aligned with the U.S. and western countries.
On Friday, Christian Sorensen, a former U.S. Cyber Command official, told VentureBeat that “hacktivists around the world [will be] working against Russia, because they are the aggressor.”
“I think things will ramp up against western targets, but Russia and Belarus will be targeted by these groups even more,” said Sorensen, formerly the operational planning team lead for the U.S. Cyber Command.