With business and government more reliant than ever on computer networks for everything from financial transactions to controlling the flow of everything from packages to oil, the uncomfortable reality is that cyberspace is a new front in warfare. The federal government issued a rare “shields-up warning” to businesses and other organizations to be more vigilant in protecting their networks. Companies are warning employees to be more alert to phishing, or malicious emails, and other anomalies.
As Russian President Vladimir Putin encounters more obstacles on the ground in Ukraine, he’ll be more likely to look to digital opportunities to retaliate against the U.S. and other countries that have imposed economic sanctions, predicts Michael Rogers, who led the U.S. Cyber Command from 2014 to 2018 and now teaches at Northwestern University’s Kellogg School of Management.
“He will be asking himself: what tools do I have to increase pressure against the West and get the West to back down? What you’ll see play out is him seeing cyber as a tool I have to help me do those things and inflict economic pain on the U.S.
“Traditionally you’ve seen Russia to use cyber as a tool for espionage,” says Rogers, a retired Navy admiral and Chicago native. “Criminal groups out of Russia have used cyber as a tool in the form of ransomware to generate revenue to unlock your data or technology. Potentially you’re going to see a scenario in which they say, ‘I don’t care about your money: I’m going to penetrate your networks and lock down your data and launch malware within your systems to deny you access.’ ”
The line between state-sponsored hackers and civilian ransomware artists has been dissolving. Kory Daniels, global director of cyber defense consulting at Chicago-based cybersecurity firm Trustwave, points to NotPetya, in which a ransomware tool was redeployed to permanently damage networks in Ukraine, then quickly spread.
“What’s been the frightening thing is to see malware not for financial gain but data-destructive capabilities,” Daniels says. “There is a heightened risk because we’ve seen the fallout from this type of situation in the past.”
Potential targets include governments, high-profile corporations, financial markets and infrastructure, from energy to transportation. Chicago is home to all of those.
Business were anxious before the conflict between Russia and NATO reignited as cyberattacks intensified in frequency, sophistication and severity with their targets suffering more crippling consequences. Last year, Colonial Pipeline, a major fuel transporter, was interrupted by a ransomware attack.
Clients of Trustwave, which advises companies on cybersecurity and helps them monitor networks for breaches, have been checking in more frequently. “They want to know what are we seeing and hearing,” Daniels says. “They’re looking for clarity, reassurance.”
So far, there isn’t a noticeable uptick in widespread attacks across organizations, he says.
Rogers cautions that cyberwarfare is a long game. “This is something that’s going to unfold over weeks and months.”
Cyberattacks have been on the rise for several years, but the backdrop of Ukraine has ratcheted up awareness and anxiety. Toyota said Monday it would suspend production at Japanese factories after one of its suppliers suffered a cyberattack. Aon also reported Monday that it had suffered “a cyber incident impacting a limited number of systems” but it “has not had a significant impact on our operations.”
So far, there’s no reason to connect either incident to Ukraine. “I can’t say if it’s directly related,” Daniels says. “It’s tied to a familiar pattern we’ve seen after other nation-state events like Stuxnet and NotPetya.”