Should we fear major Russian cyberattacks on the IT infrastructures of Western countries? Clearly, this risk exists given the escalating war in Ukraine and the economic sanctions imposed on Russia. Over the past few days, incidents have multiplied and tensions have risen.
In Germany, according to Der Spiegel, a special report by the cybersecurity agency BSI has just alerted the government to imminent attacks targeting “high value targets”, that is to say critical infrastructures.
German domestic intelligence (Verfassungsschutz) also believes that the cyber risk has increased significantly, and recalls that the Russian secret services are past masters in industrial sabotage and political manipulation.
The secret services report that the Russian hackers of the group Ghostwriter — which experts link to the Russian military intelligence GRU — launched a new phishing campaign in Germany after the start of the war in order to gain access to email accounts. In addition, more than 3,000 wind turbines were disconnected from the Internet because of a hack of the satellite operator Viasat on February 24, the same day the Russians began their invasion.
France is also affected by this hack, with several thousand individual subscribers of Nordnet and BigBlu disconnected. This appears to be collateral damage, as the attack is believed to have mainly targeted Viasat's satellite terminals in Ukraine.
In the United States, according to Bloomberg, it has just been discovered that hackers broke into more than a hundred computers at 21 companies working in the liquefied natural gas sector.
These hacks targeted engineers, scientists or executives, and allegedly took place just before the start of the war. The aims of the operation are not known.
Kaspersky singled out by ANSSI
At the same time, cybersecurity agencies and experts are constantly issuing warning bulletins and recommendations to reinforce vigilance.
In a threat report, ANSSI believes that cyberattacks “may affect French entities” and that this risk should be anticipated.
“In the current context, the use of certain digital tools, in particular the tools of the Kaspersky company, can be questioned because of their link with Russia,” underlines the French agency.
Same story at the British cybersecurity agency NCSC which invites all organizations to strengthen their protections. Ditto with its American counterpart CISA, which has grouped all its advice under the watchword “Shields Up”.
The private sector is also on board. The company Beggar has uploaded guides and a webinar that explain what Russian cyber capabilities are, and how to protect against destructive attacks and DDoS.
The companies Cloudflare, CrowdStrike and Ping Identity, for their part, created the alliance Critical Infrastructure Defense, the aim of which is to help operators of American critical infrastructures — hospitals, energy suppliers, drinking water networks, etc. — strengthen their information systems. These services will be free for four months.
All of these free guides, tips and services will never replace a good business continuity plan, but they are still better than nothing in these uncertain times.