By Christopher Bing and Joseph Menn
(Reuters) – Hackers who defaced and interrupted access to numerous Ukrainian government websites (https://www.reuters.com/world/europe/exclusive-hackers-likely-used-software-administration-rights-third-party-hit-2022-01-14) on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.
“As tensions grow, we can expect more aggressive cyber activity in Ukraine and potentially elsewhere,” said John Hultquist, an intelligence analyst at U.S. cybersecurity company Mandiant, possibly including “destructive attacks that target critical infrastructure.”
“Organizations need to begin preparing,” Hultquist added.
Intrusions by hackers on hospitals, power utility companies, and the financial system were until recently rare. But organized cybercriminals, many of them living in Russia, have gone after institutions aggressively in the past two years with ransomware, freezing data and computerized equipment needed to care for hospital patients.
In some cases, those extortion attacks have led to patient deaths, according to litigation, media reports and medical professionals.
Friday’s attack on Ukrainian websites included a warning to “be afraid and expect the worst”, at a time when Russia has amassed about 100,000 troops near Ukraine, raising fears in the West that it is considering an invasion. Moscow denies it wants to invade.
Russia has repeatedly rejected hacking allegations leveled by Ukraine and other countries over the years. While a suspect in the new web defacements, Russia has not been directly accused by Ukraine.
In 2014 Russian troops went into the Black Sea peninsula of Crimea and annexed it from Ukraine. If Russia invades again, more cyberattacks would occur too, predicted former CrowdStrike cybersecurity executive Dmitri Alperovitch.
They would most likely be disruptive, not fatal, Alperovitch said. “It will be a sideshow. The main show will be on the ground.”
Ukraine has already borne the brunt of some of the largest hacks on infrastructure to date.
In December 2015, a first-of-its-kind cyberattack cut the lights to 225,000 people in western Ukraine, with hackers also sabotaging power distribution equipment, complicating attempts to restore power.
The average temperature during the winter in Ukraine is below freezing, and losing heat is potentially lethal. Outages in the 2015 attack reportedly lasted six hours in some towns.
In the last two months of 2016, hackers targeted Ukrainian state institutions about 6,500 times, officials said. The cyberattacks showed Russian security services were waging a cyberwar against Ukraine, the government said.
An attack on the State Treasury halted its systems for several days, meaning state workers and pensioners were unable to receive their salaries or payments on time.
The attacks against Ukraine’s power grid are considered by experts to be the first examples of hackers shutting off critical energy systems supplying heat and light to millions of homes.