Russia and cyberwarfare: Experts say circumstances surrounding Ukraine invasion could lend themselves to digital attacks

As explosions and gunfire still echo across Eastern Europe, cybersecurity experts say the war waged in digital trenches continues to be a threat … including for local companies.

At the end of March, the White House was warning companies across the country to be on guard for the potential for Russia to launch cyberattacks to disrupt critical infrastructure.

And, although the late February invasion of Ukraine hasn’t apparently incited all-out cyberwarfare, Seth Danberry, co-founder and president of Newark-based cybersecurity company Grid32, said it’s important for private sector leaders to remember that it’s not just companies directly tied to infrastructure that have to keep their guards up.

“Any attacks can spill into the private sector and can leave corporate businesses affected,” he said. “If you look at the Iranian nuclear facility that was hit with malware (called Stuxnet), that was intended to take out Iran’s nuclear program, it later spread to corporations across the globe and created corporate issues.”

The risk might be relatively remote, but it’s not at all nonexistent. Agencies such as the FBI and the Department of Homeland Security have released guidance since the conflict’s outbreak on how companies can brace for attacks.

Eric Levine. (Lindabury, McCormick, Estabrook & Cooper)

Eric Levine, co-chair of Lindabury, McCormick, Estabrook & Cooper’s Cybersecurity and Data Privacy practice, said it’s a time of heightened risk for a wide array of businesses in the region.

“It’s easy to see where potential threats could come up for these different industries — utilities, telecommunications, defense — where attacks from another country looking to destabilize the U.S. might create the most chaos,” he said. “Organizations in those sectors are certainly aware of what’s going on and the increased threats, and are likely establishing, or have already, the responsible (cybersecurity) infrastructure just in case.”

The chatter about cyberwarfare being unleashed was louder leading up to the conflict and immediately after it started, Levine and Danberry both said. Levine there’s a lot of tension at the current moment — perhaps too much for intense hacker bombardments.

Be prepared

Hiring a burglar to break into your own house is one way of putting what Newark-based Grid32 does.

Seth Danberry leads a Newark company staffed with expert “white hat” hackers that test a company’s readiness for cyberattacks by simulating them. By emulating the techniques of malicious hackers, they can detect vulnerabilities in a company’s cybersecurity network and hopefully leave it better prepared for when the real bad guys come along.

Danberry said knowing how those “black hat” hackers operate takes research and education, as well as staying close with a tight-knit cybersecurity community that passes along details of the latest hacks.

The human element, Danberry said, is still the weakest link they find at most companies. External networks, more often than not, are able to prevent a breach from the outside. But, whether it’s through emails, text messages or phone calls, internal people are susceptible to opening those doors unknowingly.

The good news is this: Low-hanging fruit is harder to come by for his white-hatted band today.

“I will say, when I started this 13 years ago, we were typically able to hack in using technical means,” he said. “But, those firewalls have vastly improved, and employees have improved in their awareness of phishing-style attacks, too.”

“The idea is, if Russia takes that approach, why wouldn’t their international adversaries respond in kind?” he said. “It’s somewhat similar to discussions of nuclear arms (during the Cold War). That’s probably why you haven’t seen a full-blown cyberassault. Not that, if it were happening, we would necessarily know everything about it.”

Levine made clear he isn’t privy to the capabilities that nation-states may have when it comes to cyberweaponry.

“But Russia is a place where you often hear hackers, for whatever reason, tend to congregate,” he said. “I don’t want to say it’s a cottage industry, but it is a place that seems to be known for the cultivation of these threat actors.”

There is, however, some nuance there, as cybersecurity professionals will point out.

“Attribution is always difficult with an event such as this Ukraine situation,” Danberry said. “Attackers today can obfuscate where they came from. We’ve seen pieces of Russian codes put in malware, which might be someone from a totally different country planting that. The jury is often out on where attacks come from, especially when everyone expects them to come from a certain source.”

As for what New Jersey companies should expect, Danberry said it’s best to just continue practicing the regular proactive measures a company should employ to ward off any attack. For now, the worst-case cyberwarfare scenarios aren’t transpiring.

Beyond that, if there were to be a ramping up of attacks, expect the unexpected.

“Actors connected to nation-states may have a leg up with previously unknown attacks, what’s known as a zero-day attack,” Danberry said.

Just as worrisome, Danberry added, is how quickly those hacking strategies and techniques might filter down to more self-interested cybercriminals — the sort most likely to present a danger to any given New Jersey business.

“The ability of those lower-level actors to perpetuate identical attacks to nation-states can be shocking,” he said. “What we’ve seen in the past 20 years is attacks that once took advanced skill-sets can be done today by teenagers who are willing to find and download the right software and run it. It’s less about high-level abilities, and more about malicious intent.”