As the Russia-Ukraine war begins, cybersecurity experts fear the crisis may spill over to the cyber space, and have cautioned organisations to prepare a plan to thwart attacks on critical infrastructure.

Some of the cyber attacks that Ukraine suffered in the last few weeks could be launched against other governments and organisations that are working with Ukraine. The list includes DDoS, wiper attacks and malware that defaces websites.

“Over the past nine days, the conflict between Russia and Ukraine has escalated substantially, including significant increases in cyberattacks. Beginning on February 15, a series of distributed denial of service (DDoS) attacks commenced,” said Unit 42, an arm of the cybersecurity solutions company Palo Alto Networks.

“These attacks have continued over the past week, impacting both the Ukrainian government and banking institutions. On February 23, a new variant of wiper malware named HermeticWiper was discovered in Ukraine. Shortly after, a new round of website defacement attacks were also observed impacting Ukrainian government organizations,” a report prepared by Unit 42 on the Russia-Ukraine crisis points out.

Several western governments have issued recommendations for their populations to prepare for cyberattacks that could disrupt, disable or destroy critical infrastructure.

“Future attacks may target US and Western European organizations in retaliation for increased sanctions or other political measures against the Russian government,” it cautioned.

Cyber Security and Infrastructure Security Agency of the United States said it recommends organisations, regardless of size, to adopt “a heightened posture” when it comes to cybersecurity and protecting their most critical assets.

It wants them to reduce the likelihood of a damaging cyber intrusion and validate that all remote access to the organisation’s network.

Besides disabling all ports and protocols that are not essential for business purposes, it wants the IT teams to review and implement strong controls outlined in CISA’s guidance.

“If working with Ukrainian organisations, take extra care to monitor, inspect, and isolate traffic from those organisations,” it cautioned.

“As the situation in Ukraine unfolds, the prospect of serious cyber attacks has captured the attention of cyber intelligence professionals,” said Sandra Joyce, Executive Vice-President and Head of Global Intelligence of Mandiant.

“Concerns are reasonable and valid. Russia has a well-established history of aggressively using their considerable cyber capabilities in Ukraine and abroad. We are concerned that as the situation escalates, serious cyber events will not merely affect Ukraine,” she said in a blog.

She, however, felt that there was no need to panic. “While we are warning our customers to prepare themselves and their operations, we are confident that we can weather these cyber attacks. We should prepare, but not panic because our perceptions are also the target,” she pointed out.

“We are imploring our customers and community to prepare for disruptive and destructive attacks, similar to those that have recently transpired in Ukraine,” she said.

comment COMMENT NOW