Russian Invasion of Ukraine Brings ‘New Threat Level’ to U.S. Organizations

With the Russian invasion of Ukraine now underway, cybersecurity experts say accompanying cyberattacks could bring threats to the United States.

The Russian invasion of its neighbor Ukraine began early Thursday. Russian President Vladimir Putin issued a warning to the West, saying any country that tried to “interfere” would face immediate consequences.

The FBI has asked U.S. businesses and local governments to be mindful of the potential for ransomware attacks as the crisis deepens.

John Dickson is Coalfire‘s vice president. He said the Russian invasion introduces a “new threat level.”

Coalfire’s John Dickson

“Businesses across the United States should be bracing for a variety of cybersecurity attacks, including ransomware and other familiar attacks,” he said. “In addition to these, I suspect we’ll see more disruptive and damaging malware (think wipers) attacks. Denial-of-service (DoS) attacks are not out of the question either. I’m recommending all businesses increase their awareness and readiness for cybersecurity right now. ”

Russian Invasion Playbooks

The Russians have “playbooks” and they use them, Dickson said.

“These playbooks provide the strategy and tactics for military, cyber, information operations, and ‘false flag’ operations,” he said. “The Russians also have playbooks that include broader disruption and what are ‘influence operations’ against the United States and the West. One example would be meddling in our 2016 presidential election. When the West levies punitive economic sanctions and the Russians happen to bump into NATO countries, look for these types of attacks to be directed towards the United States, and more broadly, the West.”

Hitesh Sheth is Vectra‘s president and CEO. He said the Russian invasion of Ukraine that “we see on TV is only a fraction of the conflict.”

Vectra’s Hitesh Sheth

“Cyber weapons are doing at least equal damage to Ukrainian computer networks, particularly financial and military systems,” he said. “We will never have more vivid proof that offensive cyber action is now a first-strike tactic, on a par with kinetic warfare.”

The sobering difference is conventional war is waged between nation-states. Cyber war poses severe risk to private interests, however reluctant and unwilling they are to become combatants. Escalating cyber conflict can lead to unanticipated consequences and casualties. No one is assured of remaining a spectator.

“To that end, no public or private organization can afford complacency about the events we are watching in real time,” Sheth said. “They prove the alarming point that antiquated cyber defenses centered on perimeter protection will fail under fire. Security begins at home. And private interests cannot rely on state-sponsored protection. They must audit and reinforce cyber defenses and prioritize AI-augmented detection and response. Doing so will contribute to stability in a worrisome time.”

Western Sanctions will Dictate Cyber Conflict

Rick Holland is Digital Shadows‘ CISO. He said the severity of Western sanctions will determine the next phase of the cyber conflict.

Digital Shadows’ Rick Holland

“If the sanctions are severe enough, it is reasonable to expect an escalated Russian cyber response,” he said. “As we have seen for years, no matter what the new sanctions look like, Russian social media disinformation campaigns will continue, further dividing the partisan United States. Western critical infrastructure would be targeted by distributed denial-of-service (DDoS) attacks and potentially destructive wiper attacks. This type of destructive Russian response would be a significant escalation and could risk a severe Western counter escalation. Tensions could escalate quickly and end in a dark place like the Cuban Missile Crisis.”

Years ago was the best time to prepare for any threat actor’s cyberattacks, Holland said. Building a resilient cybersecurity program takes time. There is no …