With the Russian invasion of Ukraine now underway, cybersecurity experts say accompanying cyberattacks could bring threats to the United States.

The Russian invasion of its neighbor Ukraine began early Thursday. Russian President Vladimir Putin issued a warning to the West, saying any country that tried to “interfere” would face immediate consequences.

The FBI has asked U.S. businesses and local governments to be mindful of the potential for ransomware attacks as the crisis deepens.

John Dickson is Coalfire‘s vice president. He said the Russian invasion introduces a “new threat level.”

Coalfire’s John Dickson

“Businesses across the United States should be bracing for a variety of cybersecurity attacks, including ransomware and other familiar attacks,” he said. “In addition to these, I suspect we’ll see more disruptive and damaging malware (think wipers) attacks. Denial-of-service (DoS) attacks are not out of the question either. I’m recommending all businesses increase their awareness and readiness for cybersecurity right now. ”

Russian Invasion Playbooks

The Russians have “playbooks” and they use them, Dickson said.

“These playbooks provide the strategy and tactics for military, cyber, information operations, and ‘false flag’ operations,” he said. “The Russians also have playbooks that include broader disruption and what are ‘influence operations’ against the United States and the West. One example would be meddling in our 2016 presidential election. When the West levies punitive economic sanctions and the Russians happen to bump into NATO countries, look for these types of attacks to be directed towards the United States, and more broadly, the West.”

Hitesh Sheth is Vectra‘s president and CEO. He said the Russian invasion of Ukraine that “we see on TV is only a fraction of the conflict.”

Vectra’s Hitesh Sheth

“Cyber weapons are doing at least equal damage to Ukrainian computer networks, particularly financial and military systems,” he said. “We will never have more vivid proof that offensive cyber action is now a first-strike tactic, on a par with kinetic warfare.”

The sobering difference is conventional war is waged between nation-states. Cyber war poses severe risk to private interests, however reluctant and unwilling they are to become combatants. Escalating cyber conflict can lead to unanticipated consequences and casualties. No one is assured of remaining a spectator.

“To that end, no public or private organization can afford complacency about the events we are watching in real time,” Sheth said. “They prove the alarming point that antiquated cyber defenses centered on perimeter protection will fail under fire. Security begins at home. And private interests cannot rely on state-sponsored protection. They must audit and reinforce cyber defenses and prioritize AI-augmented detection and response. Doing so will contribute to stability in a worrisome time.”

Western Sanctions will Dictate Cyber Conflict

Rick Holland is Digital Shadows‘ CISO. He said the severity of Western sanctions will determine the next phase of the cyber conflict.

Digital Shadows’ Rick Holland

“If the sanctions are severe enough, it is reasonable to expect an escalated Russian cyber response,” he said. “As we have seen for years, no matter what the new sanctions look like, Russian social media disinformation campaigns will continue, further dividing the partisan United States. Western critical infrastructure would be targeted by distributed denial-of-service (DDoS) attacks and potentially destructive wiper attacks. This type of destructive Russian response would be a significant escalation and could risk a severe Western counter escalation. Tensions could escalate quickly and end in a dark place like the Cuban Missile Crisis.”

Years ago was the best time to prepare for any threat actor’s cyberattacks, Holland said. Building a resilient cybersecurity program takes time. There is no …

… easy button to protect your organization. Time can be a luxury, so there are practical things that defenders can do right now:

“You need to evaluate your DDoS mitigation capabilities,” he said. “If you are a likely target of Russian cyber aggression, you should assess DDoS mitigation services. You don’t want to onboard a new provider while a DDoS attack occurs. Prepare for it in advance. You need to evaluate your ability to detect and protect against destructive wiper malware. Schedule one for tomorrow if you haven’t done a tabletop exercise around this scenario. Hopefully you have completed a tabletop exercise, and you can use it as a reference to guide your mitigation strategy. Security leaders need to get ahead of the media headlines, control the narrative, and communicate up the chain of command. Explain to leadership the risk, likelihood and strategy going forward.”

Many Attack Vectors Possible

Alex Ondrick is BreachQuest‘s director of security operations.

BreachQuest’s Alex Ondrick

“Russian targets may be global, but primarily include Ukrainian military and government organizations, media organizations, e-services used by Ukrainian citizens and other private-sector organizations,” he said. “Targets will align with Russia’s political, military [and] economic (strategic) objectives. Attacks may include DDoS attacks, fraudulent messaging, malware attacks and website defacements.”

To stay safe, organizations should use multifactor authentication (MFA), change passwords once per year and rotate passwords across accounts/services, Ondrick said.

“Consumers can use sites like haveibeenpwned.com to see if they’ve been impacted by a security breach,” he said. “If you want to be extra careful, use at least a 12-character passwords. Regularly rotate passwords, especially on email/social media accounts, and for Wi-Fi and home routers.”

Saumitra Das is Blue Hexagon‘s CTO and co-founder.

Blue Hexagon’s Saumitra Das

“Business leaders should assume that there could be cyberattacks to disrupt operations, not just in the infrastructure sector, but anywhere disruption helps provide leverage to a nation-state,” he said. “Nation-state attackers usually can craft mutated attacks to render threat intelligence unhelpful, use living-off-the-land techniques to bypass endpoint security and focus on disruption rather than ransoming data, which can in many cases be easier to achieve.”