Top U.S. cyber officials are warning that now is no time for governments or private sector companies to let down their guard and assume Russia’s struggles on the battlefield in Ukraine will carry over into the Kremlin’s efforts in cyberspace.
Instead, they say the recent denial of service attacks targeting the public websites of major U.S. airports – and claimed by the Russian hacker group Killnet – could be “the leading edge of other types of attacks.”
“We are not at a place where we should be putting our shields down,” Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told an audience in Washington late Tuesday.
“We should remain very concerned, very vigilant about potential attacks on U.S. critical infrastructure,” she said. The Russians are very unpredictable. Their back is up against the wall.”
The United States and its Western allies have been bracing for potentially large-scale, destructive cyberattacks on key industries and critical infrastructure by Russia or Russian-linked actors since before Russian forces invaded Ukraine in late February.
“Companies of any size and of all sizes would be foolish not to be preparing right now,” U.S. Deputy Attorney General Lisa Monaco said in the weeks before the invasion. “It’s not hypothetical. … I am absolutely concerned.”
Moscow has consistently denied involvement in offensive cyberattacks, including some that targeted Ukraine on the eve of the Russian invasion. And aside from the recent denial of service attacks, which CISA’s Easterly described as “a nuisance,” there has not been much evidence of any attempted or successful Russian or Russian-linked cyberattacks against targets outside Ukraine.
Instead, it appears Russia has focused most of its cyber efforts on Ukraine itself.
A report by the U.S.-based cybersecurity firm Check Point Software, issued last month, found that since February, cyberattacks on Ukrainian government and military websites “more than doubled, increasing by a staggering 112%.”
Other researchers have pointed to Russia’s ongoing use of cyberspace to peddle disinformation, some of it designed to try to weaken the resolve of countries that so far have remained steadfast in their support for Ukraine.
Ukrainian officials, however, have repeatedly warned that a new wave of Russian cyberattacks is coming, with the targets likely to include Ukraine’s energy and financial sectors.
“The risk of new attacks remains very high,” Volodymyr Kondrashov, a spokesman for Ukraine’s State Service of Special Communications and Information Protection, said in a statement late last month.
But U.S. officials Tuesday praised Ukraine, saying its cybersecurity efforts have kept Russia off-balance.
“Credit to the Ukrainians in terms of what they’ve been able to do to harden their networks, to understand what is going on, to be able to be a step ahead of what the Russians are doing,” U.S. Cyber Command’s General Paul Nakasone said. “We have learned a tremendous amount.”
Still, Nakasone and CISA’s Easterly said their private-sector partners have detected an increase in scanning of critical systems by cyber actors potentially tied to Russia.
“We need to ensure that we are prepared for threats, for incursions against our critical infrastructure whether it’s state-supported actors, criminally aligned ransomware groups or even the cascading attacks, with attacks in Ukraine … could bleed over the U.S.,” Easterly said.
There are also ongoing concerns that Russia will try to launch some sort of cyberattack aimed at disrupting next month’s U.S. midterm elections.
But while the U.S. Federal Bureau of Investigation has seen indications of Russian-linked influence operations, the U.S. says the voting systems themselves are safe.
“We are seeing no significant indications of attacks that are being planned right now,” Nakasone said. “But this is, again, for us a matter of vigilance.”