Over the last few weeks, the ongoing conflict in Ukraine due to the Russian military invasion has led to global tensions and widespread support for Ukraine and all affected parties. The situation is being monitored with intense scrutiny as companies are wary of possible repercussions to their businesses, as well as to the broader economic environment. A rising concern is the possibility of cyber attacks by Russian hackers, and institutions are reporting on their acknowledgement of cyber risks from Russia and possible preventative measures they are willing to take from a cybersecurity standpoint. We have conducted an analysis of commentary and found two primary areas of focus:
Acknowledgement of Russian Cybersecurity Threats: Following the invasion of Ukraine, institutions globally have condemned Russia’s military actions, while also acknowledging the higher risk of cyber attacks prompted due to the crisis, noting that companies should be on high alert and deploy preventative measures to mitigate the possibility of being impacted.
Potential Government Responses to a Russian Cyberattack: Several institutes and industry experts have weighed in on the potential disruption that a Russian cyber attack could cause, based on historical evidence and current circumstances. They are speculating how a government response would look like if the looming cyber threat from Russia became a reality.
Following the invasion of Ukraine, institutions globally have condemned Russia’s military actions, while also acknowledging the higher risk of cyber attacks prompted due to the crisis, noting that companies should be on high alert and deploy preventative measures to mitigate the possibility of being impacted.
Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure. We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success. In recent days, we have provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on a range of targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies. This work is ongoing.
- Brad Smith – Microsoft, President & Vice-Chair
We made the decision last week to terminate services to those customers based in Russia. And our belief was that the network that we operate could allow those companies or the government of Russia to use our facilities for cyber warfare. Cogent carries about 25% of the world’s Internet traffic. These are very large connections and could be used in an offensive manner. They can also be used to disseminate propaganda or disinformation.
Now, it was a difficult decision because we are concerned about an open Internet and freedom for content to flow uncensored to end users. We felt that many of the other smaller providers who cover the market would still allow those Russian citizens to get access to flat files, text messages, lower bandwidth forms of content through other providers. Almost no incumbent operator or major access network uses just one provider. It was a difficult decision, but we think it was the correct one.
- David Schaeffer – Cogent Communications Holdings, Inc., Founder, Chairman, Chief Executive Officer & President
Finally, in our business, we need to stay on top of cybersecurity issues globally. We are therefore watching the situation in Ukraine closely. Modern warfare increasingly includes the cyber battlefield. While they don’t generate meaningful revenue, we have onboarded a number of Ukrainian businesses, news outlets, and government organizations in anticipation of potential attacks. While we hope the current tensions will resolve peacefully, we have experience mitigating nation state cyberattacks and we are prepared to defend our customers and network whatever may come.
- Matthew Prince – Cloudflare, Inc., Chairman, Co-Founder & Chief Executive Officer
Overall, we saw continued momentum in the core strategic opportunities with 19 new growth CEM deals around the world. Recent events that include the crisis in Ukraine, threats of cyberattacks and criminals on global assets, the recent hostage incidents in the Texas synagogue, wildfires in the West Coast and the ongoing global supply chain disruption highlight that our mission has never been more important. Everbridge continues to be involved in the most critical events around the world, impacting both public and private organizations to keep people safe and businesses running. Organizations are responding to duty of care and desire for operational resilience by turning the Everbridge.
- Vernon L. Irvin – Everbridge, Inc., Co-Chief Executive Officer & Chief Revenue Officer
We see attacks like the recent Microsoft video conferencing breaches as underscoring a need more than ever to tighten up on clear areas of vulnerability, like privacy-weak video conferencing platforms. All allies of Ukraine should be on the highest alert for a surge in retaliatory cyber-attacks from Russian intelligence sources. Right now, hackers are seizing on ‘cyber-holes’ within general purpose video conferencing platforms where they can penetrate defenses to reach critical information and create havoc. We’re seeing a dramatic increase in the adoption of our security-first platform by organizations with confidential data, among them healthcare facilities with sensitive patient information. No video conferencing system should ever allow a person to login that wasn’t authorized to join.
- George Waller – StrikeForce Technologies Inc., EVP & Co-Founder
PostNL is more and more an IT-driven company. That’s not something of the last year that I think it changed over the last five years. We do have a separate and dedicated cyber and cybersecurity unit in our own company. There are close links with the other companies in the Netherlands and close links to the NCTV in the Netherlands. And that means that we have a dedicated team at this moment in time for – to protect us for possible cyber-attack from Russia or the Ukraine. So, yes, it does have lots of attention. It needs also lots of attention because, as you do know, those risks develop much faster than you sometimes can imagine. And it has specific attention at this moment in time because of what’s happening geopolitically.
- Hendrica W. P. M. A. Verhagen – PostNL NV, Chief Executive Officer & Chairperson
Software supply chain cyberattacks can be extremely disruptive, and we want to help organizations become more resilient against these attacks. Unfortunately, there’s not enough best practice information and security tooling available freely in the market to help against this relatively new attack vector. After seeing the increase in frequency and severity of cyber-attacks related to Russia’s invasion of Ukraine, we decided to step up and offer a free risk assessment to do our part to help.
- Roni Fuchs – Legit Security, Chief Executive Officer
As the situation continues to unfold in Ukraine and affected regions, the safety of our employees, customers, and partners in the region and around the world remains a top priority. Fortinet is committed to supporting our Ukrainian team members and our customers. We will also continue to support our employees in Russia who are being unwillingly impacted.
We are working with customers and governments worldwide to help defend against Russian cyber attacks. As a founding member of the World Economic Forum Centre for Cybersecurity, and through our partnerships with the Cyber Threat Alliance, and Joint Cyber Defense Collaborative (JCDC) convened by the U.S. Cyber and Infrastructure Security Agency (CISA), Fortinet is actively collaborating across a global network of NGO, industry, and public sector organizations in efforts to secure people, devices, and data everywhere.
- 07 MAR 22 – Fortinet Announces It Has Suspended Operations in Russia – Press Release
Several institutes and industry experts have weighed in on the potential disruption that a Russian cyber attack could cause, based on historical evidence and current circumstances. They are speculating how a government response would look like if the looming cyber threat from Russia became a reality.
Previous Russian attacks on Ukraine’s power grid and other Russian cyber actions have already had an impact on U.S. national security because we face the same threat. Russian hackers penetrated networks connecting U.S. electric companies in 2017, placing cyber implants that-if not discovered-could have led to severe outages. Cyberattacks attributed to Russia also occurred in 2020 against the U.S. computer industry (‘SolarWinds’) and in 2021 against the national energy infrastructure (‘Colonial Pipeline’). Russia has been exploiting U.S. networks for purpose of espionage since the mid-1990s, if not earlier. Using similar techniques to conduct cyberattacks against critical government and commercial infrastructure is fairly trivial by comparison. The U.S. government has taken the Russian cyber threat seriously, establishing U.S. Cyber Command in 2010 to deal with cyber threats against government and military entities and the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security in 2018 to address cyber threats to critical infrastructure. We also updated our national security strategy in 2017 and national cyber strategy in 2018 to include cyberspace as a critical component of national security. We also have a ‘declaratory policy’ stating that the U.S. will respond to cyberattacks with ‘swift and costly consequences’ to any country that conducts ‘significant malicious cyber activities’ against the United States.
- Terry Thompson – Johns Hopkins School for Advanced International Studies, ISI Lecturer
Several attempts were actually made to assess the national cyber power of states, however, Ukraine was not among them due to the lack of data. While the research community is still in the dark about Ukraine’s cyberspace capabilities, we can assume that due to the fact that Ukraine was targeted by Russian cyberattacks ever since the annexation of Crimea, their cyber defense teams should be highly experienced. The Ukrainian government has called upon the country’s hacking community to help protect their infrastructure, conduct espionage and disruptive activities against Russian forces. In addition, certain international hacking collectives (such as Anonymous) declared that they would act against Russian targets.
- Omree Wechsler – Tel Aviv University, Senior Researcher for TAU’s Yuval Ne’eman Workshop for Science, Technology and Security
Right now, we don’t have any indications of immediate attack, but we do know that Russians have at least conducted reconnaissance activities against our critical infrastructure for years and may have implanted some sort of tools to impact these services in response to U.S. or allied foreign policy action. That’s one kind of incident we may see, or we could be collateral damage from attacks on Ukraine, or even be targets of more tactical operations like DDoS attacks…I can’t speak to other countries, but here in the U.S., it’s definitely a function of public and private cooperation. Cybersecurity is a long game. It’s a strategic investment, and engagement between companies and federal and state government is vital. It also depends on an individual’s awareness and action. It’s our own devices, and our organizations’ devices and systems, that we need to be protecting. The U.S. military, through the U.S. Cyber Command and other government agencies, is certainly doing what it can to lean forward and identify potential attacks in international spaces, but it can’t see everything. And of a lot of activity is already happening within our own domestic networks. Monitoring there comes down to our private sector – private businesses and organizations – with advice and some assistance from CISA and the FBI
- Lauren Zabierek – Harvard Kennedy School, Director of Cybersecurity and Infrastructure Security Agency