Russia’s assault on Ukraine has led shares in major cyber security groups to rise, as investors bet that demand for their products will grow amid fear battlefield cyber attacks will spill over to computers around the world.
The discovery in Ukraine this week of a “wiper” malware, which permanently deletes data on infected computers, accelerated a scramble by companies to bolster their defenses, lest it spread into other countries.
CrowdStrike, which uncovered Russian hackers inside the servers of the U.S. Democratic National Committee in 2016, rose by around 10 percent on Thursday, as did prominent threat intelligence company Mandiant. Both California-based Palo Alto Networks and Cloudflare jumped 12 percent.
Critical infrastructure groups, such as financial institutions, pipelines, aviation and electricity companies, were also urged to prepare for the possibility of debilitating attacks from Russia or Russian-affiliated actors, such as criminal ransomware groups, in the event of an escalation of cyber warfare .
“This is not business as usual. There’s a war happening in Europe and war has evolved – the technologies we rely on can provide opportunities for bad actors, ”said Chris Krebs, former director of the US Cybersecurity and Infrastructure Security Agency and head of cyber consultancy Krebs Stamos Group.
“Given the heightened tensions, the fact that Russians have significant capabilities and given they have targeted us in the past for intelligence collection and other sorts of disruptive attacks. . . we need to take the time we have in front of us to be prepared. ”
Intelligence agencies have warned for months that Russia’s assault on Ukraine would be accompanied by cyber attacks, including repeats of assaults on infrastructure, like the blackouts in 2015 in Kyiv that were blamed on Russian intelligence.
Last week, the US Cybersecurity and Infrastructure Security Agency warned of “consequences for our own nation’s critical infrastructure”, urging US companies to fortify their defenses with the tagline “shields up”.
President Joe Biden on Thursday hinted at the possibility of a tit-for-tit response: “If Russia pursues cyber attacks against our companies, our critical infrastructure, we are prepared to respond.”
Reuven Aronashvili, who helped create the Israeli army’s “Red Team” unit, and now runs a cyber security firm called CYE, said corporations were flooding his company with requests for help. “We are seeing a very significant increase – just in the last 48 hours, we’ve seen almost a ten-fold increase in demand.”
He added that Russian organizations were also preparing for the possibility of being caught up in retaliation attacks from the West, something he had not witnessed before.
Theresa Payton, a former White House chief information officer who is now chief executive of cyber security consultancy Fortalice Solutions, said the FBI “has been putting out bulletins all week about different concerns they have” through its InfraGard system, a partnership with the private sector designed to foster “the protection of US critical infrastructure”.
“We have had some organizations ask us to help them accelerate rollouts of changes they were getting ready to make,” she said. “This week, it has been fast and furious.”
In particular, there are fears that the wiper malware discovered last week, which has been lurking in some Ukrainian computer systems since December, could spread.
A similar 2017 malware, nicknamed “NotPetya” and attributed by US intelligence to Russia, caused $ 10bn of damage to computer systems worldwide after “jumping the rails” of the Ukrainian targets it was designed to disable and hit major firms like Maersk.
This time around, the malware does not appear to initially spread as fast, but destroys data so efficiently that it makes infected systems inoperable, experts said. It is similar to a wiper malware discovered in January by Microsoft that had already spread to computers in Latvia and Lithuania, both NATO countries. Neither pieces of malware have been directly attributed to Russia.
Some Ukrainian government websites have been brought down by “denial of service” attacks, where hackers use bots around the world to bring down websites by flooding them with requests for information. The US has blamed one of these attacks directly on Russia.
While these do not represent a threat to other companies, experts warn that significantly more sophisticated attacks could soon be in play.
“What we have seen by and large in the Russian attacks in Ukraine have been low-level harassment type attacks,” said Greg Austin, leader of the Cyber, Space and Future Conflict Program at the International Institute for Strategic Studies. “In a sense we see that what the Russians were doing was experimental. . . they have not unleashed the full destructive potential they are planning to. ”
Suzanne Spaulding, security expert at the Center for Strategic and International Studies and former senior official at the US Department of Homeland Security, warned that Russia might also deploy painful ransomware attacks if cyber warfare escalates, as well as misinformation campaigns designed to destabilize markets.
These may not come directly from the Russian state but from state affiliated criminal groups or other “surrogates”, according to Mike Rogers, former director of the National Security Agency, who added that this allows Russia more plausible deniability for attacks.
On Friday, the notorious Conti criminal ransomware group, which was responsible for a major attack last year on the Irish healthcare system, announced that it was lending the Russian government its “full support” and would use its resources to strike back at the critical infrastructures of an enemy ”.
Shlomo Kramer, a co-founder of Checkpoint and CEO of cloud security firm CATO Networks said the last-minute rush by firms to prepare themselves was the result of a lack of awareness, rather than capabilities.
“The cybermarket is just beginning and a little cyber war will cause the market to be much, much bigger,” he said. “There needs to be enough pain before the market can jump to the next level. I do not know if this is the conflict that will create this, but sooner or later one will. ”
Additional reporting by Joshua Franklin in New York