By Adam Boileau*
Opinion – The escalating conflict in Ukraine is geographically distant from New Zealand, but like many Western governments, New Zealand’s security services have warned businesses to be prepared for impacts to computers and networks from the country.
Cyberattacks on Ukraine attributed to Russia have been going on for many years, and there are now reports of computers being rendered unusable. Some of these attacks in the past have caused collateral damage to multinational organizations operating in Ukraine, the most notable being the 2017 paralysis of the shipping company Maersk in the Russian “NotPetya” attack.
The infamous NotPetya attack targeted users of a very common Ukrainian tax filing software, giving access to almost every organization in the country. This was then used to deploy destructive software that would spread through the network it was in and then destroy the data on computers, rendering them inoperable.
This attack was unleashed on the eve of the holiday of Ukrainian Constitution Day, when the country honors its independence. It is not clear that Russia expected this attack to spread so effectively from the multinationals’ Ukrainian offices, causing disruption as far afield as a Cadbury chocolate factory in Tasmania and Maersk’s operations at the ports of Auckland and Tauranga.
A similar campaign has been underway in recent days in Ukraine and the Baltics, but with more controlled targeting of companies supporting Ukraine.
The interconnected nature of IT systems and globalized businesses makes it difficult to accurately monitor the impact of cyberattacks, especially in a rapidly evolving conflict.
The unconstrained use of wartime hacking by a nation with a surge capability, if it occurs, is also a new situation, with real uncertainties as to how Cold War-era designs of deterrence and mutually assured destruction apply.
The United States and its allies have also spent many years getting into position to carry out similar attacks on adversaries, with Biden reportedly offering options in recent days to disrupt Russian rail systems.
It’s possible that as a non-violent option, cyberattacks will be presented to US leaders as less escalatory, but cyber escalation is a real unknown. The United States has also affirmed its willingness to respond to the hacking of its infrastructure with real-world military action.
The distinction between civilian and military infrastructure is also increasingly blurred. The global positioning system satellite navigation network is one example, where a cyber or kinetic attack could have significant consequences for communications, logistics and other civilian uses.
New Zealand or Australia are unlikely to be the direct targets of Russian cyber attacks in response to our political support for Ukraine and NATO, due to our lesser geopolitical importance to Russia.
That said, New Zealand businesses and infrastructure operators should be prepared for cyberattacks and expect disruptions to supply chains and international partners as the conflict escalates. This could include making sure business continuity plans are ready, threat hunting for specific Russian tradecraft in computer networks, and making sure situational awareness is maintained by following trusted sources in industry and government.
Warnings issued by government and private sector intelligence agencies recognize the heightened level of risk to global systems such as communications, logistics and energy.
It is also possible that Russian-aligned criminal groups are increasing ransomware or cyber extortion of Western companies out of patriotism or economic necessity. While extensive sanctions isolate Russian citizens from the traditional global financial network, the loss of revenue and the ability of digital currencies to circumvent these controls make cybercrime an attractive alternative.
Russian government-led hacking in Ukraine has targeted electricity, knocking out power to 250,000 people in 2015, wiping government agencies’ computers, flooding websites with traffic to prevent them from being used, and leveraging widely used software to access private sector organizations.
The government is highly unlikely to order a hack in New Zealand, but the less sophisticated attacks overlap with the skills of criminals, as seen with attacks on Waikato DHB or denial of service attacks on the stock exchange, NZX.
Many companies have relied on insurance to cover hacking and extortion, but sanctions and war can make claims on existing policies more difficult. This could leave the bill to the victim, but at the same time change the math for attackers who have sometimes chosen to attack the insured, as they are more likely to pay.
Given its membership of the Five Eyes intelligence alliance and its government policy stance, New Zealand clearly knows which side of the conflict it is on. Russian criminals and patriots will take any easy target they can find, and our geographical isolation means little more than a few hundred extra milliseconds of internet latency.
*Adam Boileau leads CyberCX’s security testing practice in New Zealand. He has been a hacker for 25 years and is the co-host of the Risky Business security news podcast. For businesses and organizations looking to identify compromise, the Australian Signals Directorate has some examples of sources and “indicators of compromise” here.