
Three Russian Cyber-Attacks feared by the West

The White House and the UK’s cyber-authorities are calling for enhanced cyber-security preparations, although there is no solid evidence that Russia is planning a cyber-attack. Russia has already labelled such claims “Russophobic”.

There is no doubt that Russia has an advanced cyber capability and hackers capable of launching disruptive and damaging cyber-attacks, which is why the United Kingdom’s cyber-authorities are supporting the White House’s request for “enhanced cyber-security safeguards.”

James Houghton, CEO of Phishing Tackle says:

“Biden’s warnings seem sensible, particularly as the world introduced more sanctions, hacktivists and state-actors are doing their best to expand the threat landscape.”

Here are three hacks that experts are concerned about.

BlackEnergy attacks the Ukrainian power grid

A cyber-attack known as BlackEnergy damaged Ukraine’s power infrastructure on 23 December 2015, resulting in a brief blackout for 80,000 subscribers of a power utility in western Ukraine. A year later, a cyber-attack known as Industroyer knocked out electricity for around one-fifth of Kyiv, Ukraine’s capital, for nearly an hour. The US and the EU blamed the attacks on Russian military hackers.

Marina Krotofil, a Ukrainian cyber-security responder who assisted in the investigation of the power outage attacks, says:

“However, no cyber-attack against a power grid has resulted in an extended interruption of power supply. Executing cyber-attacks on complex engineering systems in a reliable way is extremely difficult and achieving a prolonged damaging effect is sometimes impossible due to in-built protections.”

Marina Krotofil believes this might backfire on Russia as well, because the West is likely to have a strong foothold in Russian networks.

According to Kaspersky, BlackEnergy, the Trojan used in the Ukraine hack, first appeared in 2014. It was designed to conduct DDoS attacks, cyberattacks, and information destruction attacks on businesses, particularly those in the energy industry and those that use SCADA systems.

NotPetya Ransomware Attack

The NotPetya cyberattack, which took place in the summer of 2017, was the most destructive cyberattack ever executed against the US and UK, with the EU blaming a group of Russian military hackers. NotPetya infected most Ukrainian networks and caused issues across Europe and the United Kingdom.

NotPetya has certain similarities with its 2016 predecessor, as well as with the WannaCry ransomware attack in May 2017. According to security experts, NotPetya has certain advanced functionalities that make it more dangerous than WannaCry. While it used EternalBlue, an exploit for a flaw in the Microsoft Windows SMB protocol, to spread, it also has additional capabilities for spreading quickly across networks.

The hackers made a decent profit from this ransomware, but not a huge one. At the time of publication, twenty-two payments worth 2.39818893 Bitcoin had been made.

Prof. Alan Woodward of the University of Surrey, a computer scientist, says:

“These types of uncontrollable hacks are much more like biological warfare in that it is very difficult to target specific critical infrastructure in specific places. WannaCry and NotPetya saw victims in Russia too.”

Colonial Pipeline cyberattack

In May 2021, one of the country’s main gasoline pipeline owners was forced to shut down its whole network due to a ransomware attack, according to US officials. The Colonial Pipeline, which carries roughly half of all gasoline, diesel, and other fuels used on the East Coast of the United States of America, was attacked. To get computer systems back up and operating, the pipeline business admits paying hackers $4.4 million in hard-to-trace Bitcoins.

Eric Goldstein, executive assistant director of the cybersecurity division at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), says:

“This underscores the threat that ransomware poses to organisations regardless of size or sector. We encourage every organisation to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

A group of cybercriminals known as Darkside carried out the ransomware attack, a type of attack in which hackers break into a company’s or government’s network and encrypt data.

If a cyber-attack happens against a NATO member country that results in death or significant irreversible harm, Article 5, the alliance’s collective defence provision, might be triggered.

However, analysts believe that dragging NATO into a war it does not want to be a part of would be unhelpful, and that any retaliation would be more likely to come from the US and close allies.
