As the war in Ukraine escalates, it’s become increasingly clear that cyberattacks have become part of the playbook of modern warfare. Although the targets so far have been primarily Ukrainian government bodies, the threat has left many of us wondering - who is really at risk? Could the conflict-related cyberattacks spill over to average citizens in NATO countries and worldwide? How can we all stay safe?
Cyberattacks aren’t anything new
Cyberattacks aren’t new of course, and they didn’t begin with the current conflict in Ukraine. In fact, there’ve been a significant number of major cyberattacks in the recent past - both Russia-related and otherwise. For example, in January 2021, Mandiant, a private security firm, detected the “SolarWinds” attack by SVR, a Russian intelligence agency, AFTER it had infiltrated management software used by thousands of U.S. government agencies and private businesses, giving the Russian government access to them all.
Then, in March 2021, cybercriminals from the Chinese hacking group Hafnium exploited a vulnerability in Microsoft’s Exchange Server in an attack that gave the hackers access to the email accounts of 250,000 organizations globally. The attack impacted millions of Microsoft users, from private citizens to companies, to government agencies. An attack like that isn’t limited to emails either - once the hackers have infiltrated an email account, they can get into any account associated with that email, including social media, and shopping accounts, getting access to people’s credit cards and devices.
The attacks didn’t stop there. In July 2021, Microsoft disclosed another bug called Print Nightmare that allows multiple users to access connected printers through Windows Print Spooler. Hackers used a vulnerability in both Windows 7 and Windows 10 to view or delete data, install programs, or create new user accounts. If you were one of the unlucky victims, all of your data could have disappeared overnight, or alternatively, someone could have installed programs on your device without you even being aware that it had happened.
“Experts expect to see more cyberattacks than ever as the conflict continues to escalate.”
Cyberattacks against Ukraine
Those attacks all took place before the current conflict broke out in Ukraine, and intelligence experts expect to see more cyberattacks than ever as the conflict continues to escalate.
We’ve already seen evidence of a cyber agenda - in the first week of the Russian invasion, as the Russian tanks and artillery began advancing towards Ukraine, Microsoft’s Threat Intelligence Center noticed a new type of wiper malware that seemed to be aiming at Ukrainian government ministries and financial institutions. The malware, later named “FoxBlade”, could erase data on computers on any network.
While Microsoft was able to update its virus detection systems to block the FoxBlade code within three hours, there is no guarantee that in the future, a similar malware attack won’t succeed, or that it will remain limited to government assets. Meta, the parent company of Facebook, Whatsapp, and Instagram also reported. Meta locked the accounts and notified the users - but the companies may not always be able to stay ahead of the criminals.
The majority of the recent attacks weren’t conducted directly by Russian government agencies, presumably so that the Russian government could deny involvement when the attacks were uncovered. Many seem to have been affiliated with a group called Ghostwriter, located in Belarus, that is known for taking over email accounts and then using the email accounts to hack social media accounts. While Ghostwriter has focused on public figures to date, security experts say that they’ve upped the ante since the beginning of the current conflict.
How does all this impact me?
You may be asking - how does all of this affect me? There is no one answer to that question, but there are some clear potential risks. For example, as Russia becomes increasingly isolated and the economic sanctions start to become painful, there’s no guarantee that the general public in NATO countries, including the United States, won’t become a target.
The Russian government and its proxies could easily make the calculation that since the Russian public is suffering from the collateral damage of the sanctions, the general public in NATO countries should suffer too. Instead of focusing attacks on heavily-defended government bodies, public figures, and big businesses, they could transition to mass email and social media hacks. Alternately, non-government hackers could take advantage of the political distraction and launch their own attacks for financial or other benefits.
While there’s no need to panic, it’s a good idea to be aware of what’s going on and take simple precautions for what could turn into a cyberattack escalation. Put simply, rather safe than sorry.
Beefing up your cyber defenses now will give you the peace of mind that your digital assets are safe, even if the geopolitical situation remains unstable. Luckily, it’s easier than ever to do. Just download the Cyrus app to get identity, financial, and credit protection across every device, profile, and website. You’ll be glad you did.