February 25, 2022

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.

Michael Daniel is a former cybersecurity advisor to the White House during the Obama administration who now heads the Cyber Threat Alliance, an industry group focused on sharing threat intelligence among members. Daniel said there are two primary types of cyber threats the group is concerned about potentially coming in response to sanctions on Russia.

The first involves what Daniel called “spillover and collateral damage” — a global malware contagion akin to a NotPeyta event — basically some type of cyber weapon that has self-propagating capabilities and may even leverage a previously unknown security flaw in a widely-used piece of hardware or software.

Russia has been suspected of releasing NotPetya, a large-scale cyberattack in 2017 initially aimed at Ukrainian businesses that mushroomed into an extremely disruptive and expensive global malware outbreak.

“The second level [is that] in retaliation for sanctions or perceived interference, Russia steps up more direct attacks on Western organizations,” Daniel said. “The Russians have shown themselves to be incredibly ingenious and creative in terms of how they come up with targets that seem to catch us by surprise. If the situation escalates in cyberspace, there could be some unanticipated organizations that end up in the crosshairs.”

What kinds of attacks are experts most concerned about? In part because the Russian economy is so dependent on energy exports, Russia has invested heavily in probing for weaknesses in the cyber systems that support bulk power production and distribution.

Ukraine has long been used as the testing grounds for Russian offensive hacking capabilities targeting power infrastructure. State-backed Russian hackers have been blamed for the Dec. 23, 2015 cyberattack on Ukraine’s power grid that left 230,000 customers shivering in the dark.

Experts warn that Russia could just as easily use its arsenal of sneaky cyber exploits against energy systems that support U.S. and European nations. In 2014, then National Security Agency Director Mike Rogers told lawmakers that hackers had been breaking into U.S. power utilities to probe for weaknesses, and that Russia had been caught planting malware in the same kind of industrial computers used by power utilities.

“All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” Rogers said at the time.

That haunting prophecy is ringing anew as European leaders work on hammering out additional sanctions, which the European Commission president says will restrict the Russian economy’s ability to function by starving it of important technology and access to finance.

A draft of the new penalties obtained by The New York Times would see the European Union ban the export of aircraft and spare parts that are necessary for the maintenance of Russian fleets.

“The bloc will also ban the export of specialized oil-refining technology as well as semiconductors, and it will penalize more banks — although it will stop short of targeting VTB, Russia’s second-largest bank, which is already crippled by American and British sanctions,” The Times wrote.

Dmitri Alperovitch is co-founder and former chief technology officer at the security firm CrowdStrike. Writing for The Economist, Alperovitch said America must tailor its response carefully to avoid initiating a pattern of escalation that could result in a potentially devastating hot war with Russia.

“The proposed combination of sanctions on top Russian banks and implementation of export controls on semiconductors would be likely to severely debilitate the Russian economy,” Alperovitch wrote. “And although many in the West may initially cheer this outcome as righteous punishment for Russia’s blatant violation of Ukrainian sovereignty, these measures will probably trigger significant Russian retaliation against America. That prospect all but guarantees that the conflict will not come to an end with an invasion of Ukraine.”

Faced with a potentially existential threat to its economic well-being — and seeing itself as having nothing more to lose — Russia will have several tools at its disposal with which to respond, he said: One of those will be carrying out cyber-attacks against American and European financial institutions and energy infrastructure.

“Having already exhausted the power of economic sanctions, America and its European allies would have few choices other than to respond to these attacks with offensive cyber-strikes of their own,” Alperovitch wrote. “This pattern of tit-for-tat cyber retaliation could place Russia and the West on a worrying path. It could end with the conflict spilling out of cyberspace and into the realm of a hot conflict. This outcome—a hot conflict between two nuclear powers with extensive cyber capabilities—is one that everyone in the world should be anxious to avoid.”

In May 2021, Russian cybercriminals unleashed a ransomware attack against Colonial Pipeline, a major fuel distributor in the United States. The resulting outage caused fuel shortages and price spikes across the nation. Alperovitch says a retaliation from Russia in response to sanctions could make the Colonial Pipeline attack seem paltry by comparison.

“The colonial pipeline is going to be like child’s play if the Russians truly unleash all their capability,” Alperovitch told CNBC this week.

For example, having your organization’s computers and servers locked by ransomware may seem like a day at the park compared to getting hit with “wiper” malware that simply overwrites or corrupts data on infected systems.

Kim Zetter, a veteran Wired reporter who now runs her own cybersecurity-focused Substack newsletter, has painstakingly documented two separate wiper attacks launched in the lead-up to the Russian invasion that targeted Ukrainian government and contractor networks, as well as systems in Latvia and Lithuania.

One contractor interviewed by Zetter said the wiper attacks appeared to be extremely targeted, going after organizations that support the Ukrainian government — regardless of where those organizations are physically located.

“The wiper, dubbed HermeticaWiper, appears to have been in the works for months but was only released on computers today,” Zetter wrote. “It follows on a previous wiper attack that struck Ukrainian systems in January called WhisperGate. Like that previous infection, HermeticaWiper is designed to overwrite files on systems to render them inoperable.”

A joint advisory last week by the FBI, National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) warned that Russian cyber actors have been targeting cleared defense contractors, and that since January 2020 and continuing through this month, the cyber actors had maintained a persistent presence on those contractor networks. The advisory said the attackers exfiltrated email and data, and were able to “acquire sensitive, unclassified information, as well as proprietary and export-controlled technology.”

A report Thursday by NBC News suggested President Biden had been presented with options for massive cyberattacks against Russia, including the disruption of Internet access across Russia, shutting off the power, and stopping trains in their tracks.

But White House National Security Council spokesperson Emily Home told Reuters the NBC News report was “wildly off base and does not reflect what is actually being discussed in any shape or form.”

That’s good news, according to Jim Lewis, director of the public policy program at the Center for Strategic and International Studies. Lewis said the United States and its allies have far more to lose if the West gets embroiled in an escalation of cyber attacks with Russia over sanctions.

“The asymmetry in pressure points makes the idea of us doing something probably not a good idea,” Lewis told KrebsOnSecurity. “If Putin hasn’t gone completely nuts, he’ll be cautious of doing anything that might be construed under international law as the use of force through cyber means.”

Lewis said a more likely response from Russia would include enlisting cybercriminals throughout Russia and the Commonwealth of Independent States to step up ransomware and other disruptive attacks against high-impact targets in specific industries.

“The pressure points for Putin are his political support — the oligarchs and security services,” Lewis said. “If we want to squeeze him, that’s where we have to squeeze, things like seizing all their real estate in Miami Beach, or putting them on no-fly lists. If you want to hurt Putin, a cyberattack probably wouldn’t do it. Unless it was against his bank account.”

In a call to action issued earlier this week dubbed “Shields Up,” CISA warned that Russia could escalate its destabilizing actions in ways that may impact others outside of Ukraine. CISA also published a new catalog of free public and private sector cybersecurity services.


54 thoughts on “Russia Sanctions May Spark Escalating Cyber Conflict

  1. Tom

    It would be interesting to see how these dumbo CISOs with arts, MBA, … background without any security engineering or never programmed in their life defend their organizations against these savvy attackers from Russia.

    1. Chuck Finley

      Yep. When was the last time a janitor performed heart surgery or a plumber designed (and signed off) on a power substation or bridge. Fortunately, healthcare, engineering, the crafts are regulated. Maybe ,once cyber to kinetic upsets become common place, they’ll understand.

    2. JamminJ

      CISO don’t do the work. The real security engineering is done by, well, engineers and architects.

  2. m

    Makes you wonder if the recent arrests of Ransomware group members was just a front to strengthen Russia offensive capabilities into large state sponsored actors.

    1. J

      Exactly my thought. If he needs non-technically Russian forces to perform cyber retaliation to avoid triggering Article 5 that may be why he rounded them up.

    2. JamminJ

      Dark website admins arrested were NOT skilled hackers. That’s like saying cryptocurrency bros are cryptographers.

      Russia would be wasting their time and talent trying to teach guys who run websites how to hack.

      1. Jim Norton

        By arresting the distributors, they’ll get the required intel to track down the providers

  3. Gannon (J) Dick

    Economic sanctions are only asymmetric to a point. Being too immersed in cybersecurity lingo is to risk missing something very important.

    For example when Hitler annexed Czechoslovakia the National Treasury precious metals, etc. resided in a London Bank vault and stayed there for the duration of WWII. This “firewall” was un-hackable.

    This is the rationale for excluding SWIFT from the sanctions — it is symmetric by design — and any security improvements are money well spent.

  4. International Flaw

    “If Putin hasn’t gone completely nuts, he’ll be cautious of doing anything that might be construed under international law as the use of force through cyber means.”
    Didn’t he already break International Law with the invasion of Ukraine itself? Is “cyber” International Law that much more important? How many more international laws need to be broken?

    Real Talk: Russia is going to retaliate either way, as much as they can get away with and more.
    US and Europe should have been ready for an all out cyber-war with Russia as they say “yesterday”.
    Alas, nobody was quite prepared for this level of nuttiness, a surprise attack even for the first wave of Russian troops “redirected” into Ukraine.

    1. Kent Brockman

      Breaking nternational law has very different repurcussions depending on who is the victim of it’s being broken. Ukraine is one thing, the US something entirely different. A full blown cyber assualt on the US could and probably would be taken as an act of war and god only knows where that would lead(Hint: you don’t want to go there). If Putin really is “nuts” or if he comes to feel cornered we’re all in very deep do do. Also, your just wrong when you say nobody was prepared for an attack on Ukraine, it’s been telegraphed for weeks.

  5. tag

    I think its important to be aware of potential consequences, but I think some emphasis should be placed on something Biden accurately pointed out, which is that we need the “will” to pursue actions such as impactful sanctions in order to have any effect at all on someone like Putin and their government. Of course they will try to deter anyone from imposing consequences on their actions. That’s a given. The point is that if we lack the will to face even the simplest of counters, or the briefest moment of increased gas prices and stock fluctuations, we will only further embolden people like Putin to disregard all norms because no one has the will to push back. Since we’re not willing to use military force, the only option is sanctions and diplomatic ostracization, and we should be prepared to brush off whatever comes back. It’ll be back on Putin to decide if escalation that could invite harsher action is worth his while.

    1. JamminJ

      The “will” may need to be spelled out for people. Lots of people are willing to send someone else to fight a war, but are unwilling to even talk about paying more to fill up their truck or SUV.

      Sanctions that will really hurt Russia, will hurt Europe and North America too. We cannot be too scared of hurting our knuckles that we won’t throw a punch.

  6. Kevin

    These ‘sanctions’ are carefully designed to not hurt Putin or Russia, just to look like our ‘leaders’ are not just ignoring the invasion. Vlad insists on results from his hired hands. And he got them with the exclusion of the Energy Sector and the reduction in US energy production. So the Russians will whine on TV, our ‘leaders’ will says they did all they could and then they will be right back to taking $3.5 million dollar bribes from Putin’s cronies like Elena Baturina for services rendered. So don’t count on the big cyberwar. That comes when our ‘leaders’ surrender Taiwan next.

    “For the purposes of this general license, the term “related to energy” means the extraction, production, refinement, liquefaction, gasification, regasification, conversion, enrichment, fabrication, transport, or purchase of petroleum, including crude oil, lease condensates, unfinished oils, natural gas liquids, petroleum products, natural gas, or other products capable of producing energy, such as coal, wood, or agricultural products used to manufacture biofuels, or uranium in any form, as well as the development, production, generation, transmission, or exchange of power, through any means, including nuclear, thermal, and renewable energy sources.”

  7. Louis Leahy

    Cyber attacks are considered to be armed attacks under article 51 of UN charter* This would be basis for triggering NATO requirements of article 5. Cyber attacks have already been launched by Russia on NATO members over an extended period of time+ There is nothing preventing NATO intervening to prevent this genocide in Ukraine they should act as they did to prevent the genocide in Bosnia in the absence of timely intervention by the UN.

    * Columbia Law Review Vol 117 No 2 Ryan J. Hayward
    EVALUATING THE “IMMINENCE” OF A CYBER ATTACK FOR PURPOSES OF ANTICIPATORY SELF-DEFENSE

    + en.wikipedia.org/wiki/Cyberwarfare_by_Russia

    1. JamminJ

      Yes, the NATO Chief did say that cyber attacks CAN trigger article 5, but that it has never in the past. Who makes that decision? Well, it’s a vote among NATO members of course.

      BTW, let’s not throw around the word “genocide” unless it actually fits the definition. Let’s not stoop to Putin’s level.

    2. Kent Brockman

      “There is nothing preventing NATO intervening to prevent this genocide in Ukraine ”

      Yeah nothing, except a likely WW3, so we “save” Ukraine by annihilating ourselves. Bravo!

      1. general barcalounger

        Even if NATO (or EU as Ukraine has applied to) went into Ukraine, Putin would think
        very long and hard before using even a tactical nuclear weapon. It would be the end.
        He wants to get away with this move, not burn alive with large chunks of his country.
        This entire war was predicated on knowing NATO would not intervene at article5 level.
        If one actor bombed the convoy of tanks sitting on the road you think he’d nuke over it?

        That would be a final mistake. A risk exists and risk averse minds avoid it at all costs,
        because even a low chance of catastrophe is still worth avoiding entirely. He knows this.
        Putin is betting everything on that with over half of his armed forces outside his borders.
        He believes himself immune from national decapitation due to his threat. I question that.
        Putin -personally- pushed this insanity. “Russia” doesn’t want to pay for his autocratic fail.
        If we let him succeed, the likelihood of nuclear war only grows, as did Hitler’s ambitions.

  8. JamminJ

    Might want to lock comments for articles like this.
    Trolls and bots abound

    1. Forum Fauxministration Dept

      Too many Pope-like figures repeating the obvious as well. (It’s a tech forum.)
      Brian is capable of deciding which comments are worthy of it internally.

  9. Sub Judice

    Appease and run away? That’s worked in the past hasn’t it?

  10. Louis Leahy

    JamminJ – ABC News – Associated Press “The U.N. High Commissioner for Human Rights said its staffers have so far verified at least 127 civilian casualties, 25 people killed and 102 injured, mostly from shelling and airstrikes.”…. It is genocide and the UN and NATO should not wait for further bloodshed to intervene.

    1. JamminJ

      That’s war. Not genocide.

      If you keep with that twisted definition, every participant in war, regardless of who starts it, is genocidal?

      Putin accused the Ukrainians of “genocide” by using such a twisted definition. And is saying his invasion is justified to stop the genocide.

      People die in war. It’s hyperbolic to suggest that all casualties of war represent a deeper aim to destroy an entire nation or group of people.

      When you dilute the impact of the word genocide, you will allow Putin and other dictators to use it as the same justification for their own atrocities.

    2. Kent Brockman

      Sure prevent one “genocide” and risk a global holocaust. If your one of the “lucky” survivors you can tell the billions of dead it was “worth it”.

    3. David Russo

      And that starts a nuclear war. Is it worth being burned alive and no longer existing?

  11. Louis Leahy

    JamminJ – Definition of Genocide according to the Oxford Dictionary “the deliberate killing of a large number of people from a particular nation or ethnic group with the aim of destroying that nation or group” .

    1. srly

      Yeah Hitler committed genocide during WW2. But it was not the invasion blitzkrieg of Poland that was the genocide.
      If we call Putin’s invasion of Ukraine a genocide then what difference would it make if he did start a new holocaust? What word would be stronger than genocide?
      I think we should reserve such words. Words have meaning exaggeration doesn’t help anyone.

  12. Louis Leahy

    JamminJ Definition of Genocide Oxford Dictionary – “”the deliberate killing of a large number of people from a particular nation or ethnic group with the aim of destroying that nation or group.”

    1. JamminJ

      Yeah, so it’s not genocide by any stretch of that definition.

  13. Catwhisperer

    A bully only stops in their attacks when you knock them on their ass with a brick to the head. Make the price of the unjustified invasion of Ukraine one that the bully doesn’t want to continue paying…

  14. James Langa

    I rarely comment on this blog, but with you praising Russia hacking capabilities, you are making the head of those Russian hackers swell up. Let them unleash the best of their hacking skill on the west and let see who suffer most. Hacking is not rocket science

    1. JamminJ

      Who was praising Russian hacking capacities?

      In cyber security, there is the concept of impact. Even if the West has better hackers, we are also more vulnerable to the impact of cyber warfare. More reliance on private networks. Financial sector, healthcare, etc… Are not state controlled like Russia or China.

  15. ReadandShare

    Yes, the risks and costs are high – like real wars are costly too (woeful understatement here) – but sometimes, we have to. It’s up to our political leaders to decide… but time for our corporate captains to take security seriously in all the ways that they haven’t yet.

    1. Kent Brockman

      “Yes, the risks and costs are high – like real wars are costly too (woeful understatement here) – but sometimes, we have to.”

      Spoken like someone who’s actually been through ( and survived ) a nuclear war, pray tell what planet have you come from? There’s a very good reason that zero wars have been fought between nuclear armed states, might want to educate yourself on that topic.

  16. Louis Leahy

    JamminJ – Russia is a UN member and bound by UN rules, there is no UN Security Council resolution authorising these actions. These actions by Russia are illegal, it is not a war it is illegal murder of innocent civilians it is Genocide.

  17. JamminJ

    I agree that it’s wrong.
    Russia, like the US, is a permanent veto powered member of the UN.
    Unfortunately, international law isn’t so cut and dry when any action or declaration by the UN needs Russia (the perpetrator), to also agree.
    The UN is great for many things, but not so much for checking one of the 5 permanent members of the security council.

    The UN is NOT the body that will help Ukraine or make any determination here. NATO is designed for this purpose.

    Murder and war crimes sure. But that still doesn’t meet any reasonable definition of Genocide.

    1. SeymourB

      Russia, as the member state committing these acts, is not supposed to vote in measures against it. The very fact that Russia voted is unusual and may bring about consequences as a result. So stating that Russia’s vote is a checkmate isn’t so cut and dried. Them having taken this step may result in the unwritten rule becoming written.

      The idea that nuclear war may be started over this ultimately depends on whether anyone around Putin would actually allow him to go through with it. Nobody around him wants to see every relative of theirs die just because some short guy with a NATO fetish (and a tendency to claim that everyone who opposes him is a Nazi?!) has descended into madness. I know he thinks he’s safe and has surrounded himself with loyal people, but honestly anyone with family members they care about will have to choose between them and him and he’s just not that sexy.

      1. Kent Brockman

        Maybe, but would you really want to hang you and the worlds existence on that hope? Escalation creates situations where emotions can take over and rational thinking is overcome. Someone trained to do their “duty”(even if that means participating in a global holocaust) sees things differently than civilians do. This is why nuclear armed states have not, to this point anyway, engaged in direct combat of any sort. It’s simply an invitation to mutual suicide. The notion of saving Ukraine while risking armagedden is simply nuts, plain and simple.

      2. JamminJ

        That’s never even been an unwritten rule. I don’t see anywhere in the history of UN security council votes by permanent members, where the permanent member State abstained because they were the accused perpetrator. That sounds like something the public might expect, but without basis.

        It’s not unusual that Russia voted. It was absolutely expected that they would, and that they would veto. The vote was really just a symbolic bureaucratic step to get to a non-binding resolution in the general assembly.

        Russia also vetoed against the UN security council resolution during the 2014 annexation of Crimea.
        https://en.m.wikipedia.org/wiki/List_of_vetoed_United_Nations_Security_Council_resolutions

        In the 76-year history of the UN, Russia / USSR vetoed 120 times, the US has vetoed 82 times.

        United Nations has rightfully interceded many times, so I do think they are still a worthy organization to keep around.
        But let’s face the facts, they were never designed to keep the five superpowers in check. They were designed to allow those five superpowers to check the rest of the world. To stop smaller international incidents from escalating to larger ones.

        Regarding the bulk of your comment Seymour, I absolutely agree.

  18. sam

    Of course Russia will retaliate with cyber attacks. We don’t need an “expert” to tell us that. Just as the enemy was defeated on the battlefield in WWII, they must be defeated on the cyberfield.

    1. security vet

      …Russia is already cyber attacking us – take Solar Winds as an example. That was seen as “legitimate espionage…

  19. Jerry Werzinsky

    Putin’s goal is the cultural genocide of the Ukraine. If people are unwilling, then they will die. Putin is no different than Hitler or Stalin. All had no problem raping the Ukrainian people.

  20. dave chapparel

    we got forty nations.. ready to roll son

    A Coalition of the Willing!

    war is hell… pray for a peaceful resolution

  21. Merdeka

    There are enough threat actors in the western world that will not stand for this. Just do the same thing as the Russian government does; close your eyes and let them do their thing as long as it hurts Russian interests. And take collateral damage as long as it stays small for granted. The U.S. has been very aggressive in extraditing and sentencing hackers. But instead of locking them up and throwing away the key. Perhaps a smarter strategy is to harness them; because you can deny the state is behind them just like Russia does.

  22. Mahhn

    Concerns beyond the surface. Scammers are offering shirts for sale and accepting donations – for themselves. Protesters are destroying products and businesses that have the word Russian in them, when it is Putin that is the enemy. See the protesters in Russia – just by standing outside they have put their lives at risk.
    If you want to attack the war – make sure you are “on target”, because most of the people that get effected will not be the enemy. Just like every protest ever – more innocent people are negatively affected than those being protested.

  23. Robert Scroggins

    USA has never turned the NSA cyber warriors loose on much (the Stuxnet exception comes to mind), but they are very capable. I imagine they would do so now if Russia tries to do anything because of the Ukraine invasion.

  24. polbel

    Once the weather gets warmer and heating needs are low, Putin will get what he deserves when civilians of NATO nations are not at risk of freezing to death because of cuts to the flow of russian fuel to Europe. Just watch…

  25. kris van

    is it worth being burned ? innocent people are suffering in his war condition

Comments are closed.