(Bloomberg) — Fears of “scorched-earth” cyberattacks stemming from a standoff between Russia and the West over Ukraine may be overblown, and could give undue influence to the Kremlin, according to a senior executive at cybersecurity firm Mandiant Inc.
Sandra Joyce, Mandiant’s executive vice president of global intelligence and a lieutenant colonel in the U.S. Air Force reserve, said that unfounded concerns about Russia’s cyber power threaten to hamper diplomacy.
“We’ve had a lot more death and destruction from real kinetic war than we’ve had from the cyber domain, and I think that people just need to slow down and realize that,” Joyce said in an interview. “I’ve seen a lot of headlines that make me think, ‘You know, we need to just get a grip. We need to calm down.’”
Ukrainian banks and government agencies suffered cyberattacks on Tuesday, sparking fresh anxiety about state-sponsored hacking. A “strong” distributed denial-of-service, or DDoS, attack targeted the Ukrainian government’s website for Diia, a service that citizens can use to store documents ranging from passports and driver’s licenses to vaccination certificates, said Mykhailo Fedorov, Ukraine’s minister of digital transformation.
Ukraine’s defense ministry and two state-run Ukrainian lenders, Privatbank and Oschadbank, also suffered DDoS attacks, which interrupted access to some of their services. The banks said the attacks on their systems lasted several hours, but that most functions have since been restored. The government did not attribute the malicious activity to any specific attacker or foreign entity. DDoS attacks typically occur when attackers direct inauthentic web traffic to a single site, aiming to knock the service offline.
The attacks came as President Joe Biden said Russian troops remained in a “threatening position” near Ukraine’s border. Russia’s defense ministry signaled it would withdraw some of its troops, though Biden said an invasion remained “distinctly possible.”
Ukrainian government websites were breached and defaced last month, with Ukrainian investigators initially blaming Russian hackers. Suspected Kremlin-backed perpetrators were responsible for intrusions that affected Ukraine’s power grid in 2016, according to U.S. Department of Justice charges.
Moscow has denied involvement in malicious cyber activity, and Russian President Vladimir Putin has denied that he intends to invade Ukraine.
Mandiant, which works closely with the U.S. government, has deep insight into global cyber threats and nation-state activity. Its employees monitor state-sponsored hackers in real time, while its consultants are often called by companies that have been breached by foreign entities. Microsoft Corp. has been in talks to acquire Mandiant in recent weeks.
In recent days, the U.S. Cybersecurity and Infrastructure Security Agency has warned American companies to put “shields up” to prepare for potential hacking that may come as a result of Russia’s military presence near Ukraine’s border.
If the U.S. responds with new sanctions on Russia, cyberattacks on U.S. businesses or critical infrastructure could follow, the thinking goes. Joyce notes that these concerns are reasonable, and says that attackers have shown a willingness to use some of their most aggressive tactics against the U.S.
“Every organization in the U.S. is at risk from cyber threats that can disrupt essential services,” CISA Director Jen Easterly said in a tweet. “As we know, the Russians have used cyber as a key component of their force projection, to include disabling or destroying critical infrastructure.”
Easterly said there is no specific credible threat to the U.S.
Recent events have led to overheated rhetoric, Joyce said. “A lot of the wording that’s used can conjure up these scorched-earth cyber outcomes,” she said.
Concerns about Russian hacking affecting Ukraine and the West are real and valid, she said, but organizations should focus on preparing their defenses and recognize that Russians are seeking to spread fear about their hacking abilities.
“We can restore networks — we are resilient when it comes to that,” she said. “We can take preparatory action. We can do something about it on the front end and then we can recover. Some of the terminology can kind of make it seem like there isn’t that type of resilience.”
(Updates with detail on earlier cyberattacks starting in fourth paragraph.)
©2022 Bloomberg L.P.