The Ukrainian government is warning that Russia is planning to carry out “massive cyberattacks” against power grids and other critical infrastructure in both Ukraine and allied countries.
The warning claims that the attacks will be similar to those that targeted Ukraine’s energy supplies in 2015 and 2016, with Russia trying to increase the effect of missile strikes on electricity supply facilities in Ukraine’s eastern and southern regions. According to the warning, the “occupying command is convinced that this will slow down the offensive operations of the Ukrainian Defence Forces.”
Ukraine also claims that Russia intends to increase the intensity of distributed denial-of-service attacks on the critical infrastructure of its closest allies, primarily Poland and the Baltic States.
A previous attack against Ukraine’s energy infrastructure, referenced in the warning, occurred in December 2015, crippling the country in the dead of winter. It was noted in the years after the attack that it was a wake-up call about the cybersecurity risk present in critical infrastructure, one ignored by many that ultimately led to the attack on Colonial Pipeline Co. in 2021.
While there is no independent verification of Ukraine’s claims of future massive cyberattacks, the claims are believable, and Russia has tried such attacks before, after it invaded Ukraine in February.
Researchers from ESET spol. s r.o. and Microsoft Corp., in conjunction with Ukraine’s Governmental Computer Emergency Response Team, managed to stop an attack against a Ukrainian energy company in April. The attack involved the Russian Sandworm hacking group and used a new variation of the Industroyer malware used in the 2015 attack.
The other reason to believe that Russia may launch a new series of cyberattacks is its worsening strategic situation in Ukraine, with ground taken in the earlier days of the invasion being lost to Ukrainian advances. Russia being forced onto the back foot in Ukraine, a country many thought it would initially conquer quickly, has since resulted in the mobilization of reservists to counter increasing battlefield losses.
Discussing the news, Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., told SiliconANGLE that the most common malware and hacker attacks involve social engineering.
“Ukraine and its allies should focus first and best on educating everyone to recognize the signs of social engineering attacks, how to mitigate them and how to appropriately report,” Grimes explained. “There is no single defense that can do as much to put down the most common hacker and malware attacks as preventing social engineering.”