Russia’s attack on Ukraine sent shares in major cybersecurity groups higher, as investors bet that demand for their products would pick up amid fears that cyberattacks on the battlefield will spill over to computers around the world.
The discovery of “wiper” malware in Ukraine this week, which can permanently delete data on infected computers, has spurred companies to scramble to bolster their defenses lest it spread to other countries.
CrowdStrike, which discovered Russian hackers inside the servers of the US Democratic National Committee in 2016, was up about 10% on Thursday, as was well-known threat intelligence firm Mandiant. Both Palo Alto Networks and California-based Cloudflare were up 12%.
Critical infrastructure groups, such as financial institutions, pipelines, airlines and power companies, are also being urged to prepare for the possibility of debilitating attacks from Russia or Russia-related parties, such as ransomware criminal groups, in the event of an escalation of cyberwarfare.
“This is not business as usual. There’s a war going on in Europe, and the war has evolved – the technologies we rely on can create opportunities for the bad guys,” said Chris Krebs, former director of the US Cybersecurity and Infrastructure Agency and head of network consulting firm Krebs Stamos Group.
“Amid rising tensions, the reality is that the Russians have considerable capacity and they have targeted us in the past for intelligence gathering and other types of disruptive attacks . . . We need to take the time to prepare.”
Intelligence agencies have warned for months that Russia’s attack on Ukraine would be accompanied by cyberattacks, including a repeat of attacks on infrastructure, such as the power outage in 2015 in Kyiv that was blamed on Russian intelligence.
Last week, the US Cybersecurity and Infrastructure Agency issued an alert about the “consequences to our nation’s critical infrastructure,” urging U.S. companies to bolster their defenses with the slogan “shield.”
President Joe Biden on Thursday hinted at the possibility of a tit-for-tat response: “If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond.”
Reuven Aronashvili, who helped form the Israeli army’s “Red Team” unit and now runs a cybersecurity company called CYE, said corporations have sent requests to his company for help. “We are seeing a very significant increase – in the last 48 hours alone, we have seen demand increase by almost 10 times.”
He added that Russian organizations are also preparing for the possibility of being caught up in retaliatory attacks from the West, something he has never witnessed before.
Theresa Payton, a former White House chief information officer who is now the chief executive officer of cybersecurity consulting firm Fortalice Solutions, said the FBI “has been out in the news all week about various concerns they have” through the InfraGard system, a partnership with the private sector designed to promote “the protection of critical U.S. infrastructure”.
“We’ve had a number of organizations ask us to help them accelerate the rollout of the changes they’re already making,” she said. “This week, it was fast and furious.”
In particular, there are concerns that malware discovered last week, which has been hiding in some Ukrainian computer systems since December, could spread.
Similar malware from 2017, nicknamed “NotPetya” and attributed to Russia by US intelligence, caused $10 billion in damage to computer systems worldwide after “jumping the rails” from the Ukrainian targets that it was designed to neutralize and attacking large companies like Maersk.
This time around, the malware doesn’t appear to spread as quickly as it initially did, but destroys data so effectively that it renders infected systems inoperable, experts say. It is similar to a wiper malware discovered by Microsoft in January that has spread to computers in Latvia and Lithuania, both NATO countries. Neither malware is directly attributed to Russia.
Several Ukrainian government websites have been brought down by “denial of service” attacks, in which hackers use bots around the world to bring down websites by flooding them with requests for information. The US has directly blamed one of these attacks on Russia.
While these do not represent a threat to other companies, experts warn that significantly more sophisticated attacks could soon emerge.
“What we’ve seen and generally seen in Russia’s attacks in Ukraine is that they are low-level harassment attacks.” “In a way, we see that what the Russians are doing is experimenting . . . they didn’t unleash the full destructive potential they were planning.”
Suzanne Spaulding, a security expert at the Center for Strategic and International Studies and a former senior official at the US Department of Homeland Security, warned that Russia could also launch ransomware attacks if the cyberwar escalated, as well as disinformation campaigns designed to destabilize markets.
These may not come directly from the Russian state, but from state-linked criminal groups or other “representatives,” according to Mike Rogers, former director of the National Security Service.
On Friday, the infamous Conti ransomware crime group, responsible for a major attack last year on the Irish healthcare system, announced that it was lending the Russian government “full support” and would use its resources to “attack the enemy’s infrastructure threats”.
Shlomo Kramer, co-founder of Check Point and CEO of cloud security firm CATO Networks, says that companies’ last-minute preparations are the result of a lack of awareness, rather than competence.
“The cyber market is just getting started and a small cyberwar will make the market a lot bigger,” he said. “There needs to be enough pain before the market can jump to the next level. I don’t know if this is the conflict that will create this, but sooner or later it will.”
Additional reporting by Joshua Franklin in New York