Russia’s cyber warfare is a problem for ‘everyone,’ experts warn

Canada is reviewing its cyber defenses to make sure it’s secured against potential cyberattacks from an increasingly aggressive Russia. Experts say you should do the same at home.



A woman holds a sign with a caricature of Russian President Vladimir Putin during a rally in support of the people of Ukraine in Vancouver, on Thursday, February 24, 2022. THE CANADIAN PRESS / Darryl Dyck


© DD
A woman holds a sign with a caricature of Russian President Vladimir Putin during a rally in support of the people of Ukraine in Vancouver, on Thursday, February 24, 2022. THE CANADIAN PRESS / Darryl Dyck

While cyberattacks are already pummeling Ukraine, they could affect the average Canadian in a number of ways, too. They could hit your pocketbook, permanently wipe important files or sentimental photos from your electronics. In severe instances, they could disrupt critical infrastructure we rely on.

“You are a potential cybersecurity risk. The threat does apply to you.” said Andrew Loschmann, co-founder and COO of cybersecurity company Field Effect.

“This is something that a lot of people will dismiss and figure, ‘it’s not a problem for me,’ but the reality is, it is a problem for everyone.”

Read more:

Ukraine seeks EU membership as ceasefire talks with Russia wrap up

Russia has already launched attacks both on the ground in Ukraine and in the online space. Those attacks, according to experts, have been relentless. Microsoft described Russia’s recent cyberattacks against Ukraine as raising “serious concerns under the Geneva Convention.” Russia has also been blamed for major new disruptive malware in Ukraine, prompting a warning from the Canadian Center for Cyber ​​Security.

But while recent Russian attacks have primarily targeted Ukrainians, Microsoft said, you’re likely using some of the same software – meaning your computer is at risk of being exploited.

Here’s what you need to know to stay cybersecure amid a growing Russian threat.

Russia has sophisticated capabilities in the cyber warfare space, according to experts, and it’s already deployed some of its online troops.

“Just as Russia has great military might, they certainly have the same capability in terms of cyber warfare,” Loschmann said.

Russia’s cyber warfare infrastructure is large and varied. The US government’s Congressional Research Service published an analysis of Russian cyber units earlier this month, which described “sophisticated cyber capabilities” in Russia to conduct everything from “disinformation” and “propaganda,” to “espionage” and “destructive cyberattacks.”

Video: US ‘will not indulge’ in nuclear war rhetoric with Russia: White House

Russia’s various security and intelligence agencies oversee the “numerous” cyber units. These units have murky motivations, the analysis found, as many Russian security agencies compete against one another and conduct similar operations on the same target.

These nefarious operations take a number of forms, including hacking into systems abroad, targeting operational technology networks with destructive malware, or accessing accounts through passwords leaked on the dark web.

Ukraine has been bearing the brunt of Russia’s cyberattacks in recent weeks.

“Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” Microsoft President Brad Smith wrote in a blog post Monday.

There “have been recent cyber efforts in Ukraine to steal” a wide range of data, “including” health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets, “Smith wrote.

Read more:

‘Every morning we check to see if our family is living’: woman with family trying to flee Ukraine

Another example of this warfare is a new, disruptive malware known as HermeticWiper, which has been targeting Ukrainian organizations. The malicious software penetrates a system and then proceeds to wipe all the data that belongs to a government agency or a company, making it unrecoverable.

HermeticWiper is a new, severe consequence that can arise from a simple cyber-safety mistake, according to Terry Cutler, who is an ethical hacker and the CEO of the data defense service firm Cyology.

Before, he explained, ransomware would generally contaminate your computer, scramble your data, and the bad actor would release it when you give in to their request – generally by paying them money. However, this new virus “destroys the data” so you “can’t retrieve it anymore.”

“I foresee a lot of that happening, where people just click on a link … they’re not supposed to, and their data is gone,” Cutler said.

Negotiations and more fighting on Day 6 of the Ukraine invasion

  • The federal government has announced changes to the Bank of Canada's mandate.  Business correspondent Anne Gaviola offers her insight on what the changes could mean for interest rates, inflation, and housing.
    Bank of Canada receives renewed mandate
    The federal government has announced changes to the Bank of Canada’s mandate. Business correspondent Anne Gaviola offers her insight on what the changes could mean for interest rates, inflation, and housing.

    Global News Logo
    Global News

  • The Bank of Canada's new mandate keeps at its heart a two per cent annual inflation rate.  However, when setting its trendsetting interest rate, Canada's central bank will now also consider the health of the job market as part of its inflation-targeting regime.  Anne Gaviola explains what that means for Canadians and their wallets.
    What the Bank of Canada’s new interest rate mandate means for consumers
    The Bank of Canada’s new mandate keeps at its heart a two per cent annual inflation rate. However, when setting its trendsetting interest rate, Canada’s central bank will now also consider the health of the job market as part of its inflation-targeting regime. Anne Gaviola explains what that means for Canadians and their wallets.

    Global News Logo
    Global News

  • Conservative Leader Erin O'Toole took aim at Canada's economic update on Tuesday, suggesting Canadians are being
    O’Toole takes aim at Canada’s economic update, rising inflation costs
    Conservative Leader Erin O’Toole took aim at Canada’s economic update on Tuesday, suggesting Canadians are being “priced out of their own lives” because of rising inflation. “Canadian household budgets are fragile, and when you see increases of 20 to 30 percent for gas, for fuel, for rent or food, that crisis is out of control,” he said.

    Global News Logo
    Global News

UP NEXT

UP NEXT

This could be a big issue if all the data is wiped from an important institution like a bank, according to Cutler, especially if important data that gets wiped isn’t backed up anywhere. The worst-case-scenarios of these cyberattacks could result in disruption to major elements of our society, Cutler warned.

“A lot of people think, ‘well, who’s going to want to hack my computer?’ But they don’t realize that when the banks get hit, they can’t get access to their money, “he said.

“Maybe the power grid gets shut down or the water treatment plants get contaminated. Those are all things that happen in cyberspace. But it can affect us in the real world, because everything is now interconnected.”

But a cyberattack doesn’t have to be that severe to have an impact. Something that could affect the lives of individual Ukrainians, or individual Canadians, is what Loschmann called “patriotic motivated hackers.”

“These attacks are more or less indiscriminate, and the attackers might just choose a victim of opportunity. And so that might be you as an individual, or that might be you as a very small business owner, really just looking to find any target or any victim that’s out there, “Loschmann said.

Read more:

Canada issues alert on new malware targeting Ukraine. Here’s what that means

Often these hackers will try to “discredit or embarrass” their victims through methods like defacing websites or disrupting the victims’ ability to conduct business or live their lives as they normally would.

One of the more disconcerting elements of Russia’s cyber attack capabilities, Loschmann added, may have already been accomplished – accessing systems but then lying dormant.

“Russia is one of the most sophisticated and capable cyber threat actors in the world,” he said.

“You have to avoid … the potential to be overly dramatic here, but it’s important to think about what options might already be at the disposal of the Russian government and with the ever increasing sanctions, what might provoke them to trigger some of them . “

With the threat of Russian cyberattacks looming, experts say it’s as good of a time as ever to ensure your online presence is secured.

Some of the things you can do are quite basic. Give yourself a strong password, and enable two-factor authentication so you get a sent code to your phone before logging into a device or account.

“Let’s take an example: I had a great day at work, 2022, exclamation point. Pretty simple phrase. All you do is remove the spacing, capitalize each word, and that password alone will take ten years to crack,” Cutler said.

Video: Switzerland breaks neutral status, adopts all EU sanctions against Russia

Passwords can be guessed, Cutler explained, especially with the help of online quizzes that ask you identifying information, such as the name of your childhood pet, or your favorite color. They can also be leaked on the dark web, where hackers can find them and access any of your accounts that use the same password.

It’s also smart to keep your systems updated, he added, so any security vulnerabilities are patched, and to avoid clicking links in emails without carefully verifying that it’s actually from someone you know – and isn’t an attempt to

As for the Canadian government’s role in all of this, the Communications Security Establishment (CSE) confirmed to Global News that it “has been tracking cyber threat activity associated with the current crisis (in Ukraine).”

“CSE has been sharing valuable cyber threat intelligence with key partners in Ukraine,” a CSE spokesperson said in a statement.

Read more:

‘I will defend’: Kyiv man ready to fight as he tries to move daughter to safety

And while the CSE’s Cyber ​​Center said it “is not aware of any current specific threats to Canadian organizations in relation to events in and around Ukraine,” there has been a “historical pattern of cyber attacks on Ukraine having international consequences.”

While the scale of those potential consequences could be “daunting,” according to Loschmann, it’s important not to lose perspective of the fact that cyberattacks will likely focus on businesses.

“That said, individual or groups of patriotic hackers may seek to instill chaos against any victim they can find online. So do the basics at home, take cyber security seriously and remain vigilant, and remember you still have a role in cyber security at your place of work as well, “he said.

“It will make a difference.”

Leave a Comment