The cybersecurity firm Mandiant is warning that Russia’s conflict over Ukraine may yield attacks in cyberspace that cause harm around the world.
John Hultquist, Mandiant‘s vice president of intelligence analysis, said in a video briefing that his firm has regularly informed its customers that chaos in Ukraine could affect them, and Mandiant is now spreading the word more broadly.
Prospects of a Russian military invasion into Ukraine have grown with more than 100,000 troops massed on its border with Ukraine.
Mr. Hultquist said Russia hijacks supply chains, does information and influence operations and conducts cyberattacks and cyber espionage.
“It’s important to remember that even though a lot of this activity stays within this historic sphere of influence [of the former Soviet Union], or we often see a lot of it in the historic sphere of influence, as we escalate it’s just more likely to leak out of that area,” Mr. Hultquist said. “I think one of our concerns is just can we learn from the activity that’s going on in the area and prepare for it elsewhere?”
Matthew McWhirt, Mandiant consulting managing director, said organizations should take steps to remove the avenues that adversaries have to breach their network, such as by looking for applications and services with vulnerabilities.
SEE ALSO: Federal agency urges better defenses after Russian cyber hit on Ukraine
“We’re not going to be able to shut off every door or stop an adversary that’s really targeting an organization from getting in,” Mr. McWhirt said. “Phishing is probably one of the main ways that they can still get in, even if you have hard perimeter defenses, but it is good to obviously understand what is your attack surface? What does it look like? Especially start from the internet, the external-facing perspective, and think like an attacker would.”
The Mandiant team noted that hopes that Russia will distinguish between the public and private sectors when conducting cyber operations are “probably naive.”
Private cybersecurity experts are not the only ones warning people to brace for chaos spreading from Russia. Last week, U.S. cyber officials published a joint advisory warning of Russian threats to U.S. critical infrastructure.
The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency urged critical infrastructure network defenders and the broader cybersecurity community to “adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint [cybersecurity advisory]” because of threats of malicious cyber action from Russia.
The new advisory came just before word spread that Russia apprehended one of the suspected attackers behind last year’s cyberattack on Colonial Pipeline, a major U.S. fuel provider.
A senior Biden administration official told reporters last week that the U.S. government did not believe Russia’s arrest of the alleged cyberattacker was related to the escalating tension between Russia and Ukraine. The official said the U.S. government could not speak to the Kremlin’s motives.
SEE ALSO: Ukrainian government websites hit with massive hack
Cyber chaos has already hit Ukraine. Ukrainian government computer networks were disrupted last week by a cyberattack that included threatening messages. Microsoft said it was investigating and a Ukrainian official has identified Russia as the likely suspect.
Mr. Hultquist said it appeared that hackers compromised a content management system that they leveraged to get access to the government websites that were defaced. He said the hackers appeared to cover their tracks by faking a connection to Poland.
“What we know about the defacement is it included a lot of specific remarks about disputes between Poland and Ukraine and suggested that the person who wrote the defacement or did this operation was a Polish nationalist,” Mr. Hultquist said. “It also included an image file used in this defacement [and] GPS coordinates associated with Poland, again suggesting an origin in Poland. We think that’s probably all fabricated.”
Mr. Hultquist said before Russia invaded Georgia in 2008, he saw a ton of information operations and cyberattacks preceding that invasion.
He said as the U.S., Britain and other allied countries take a supportive role with Ukraine, Russia will perceive that as aggression and he expects them to respond.