From AirForceTimes:

Despite these incidents not yet being attributed to an actor, experts are worried they could signal an uptick in activity in eastern Europe amid the Russian troop buildup.

“Overall, this is telling us that more is starting to go down in Ukraine. I think this may very well signal the beginning of a Russian attack on Ukraine,” Tatyana Bolton, policy director of the Cybersecurity & Emerging Threats team at the R Street Institute think tank, told C4ISRNET. Bolton is also the former director of the Cyberspace Solarium Commission, a bipartisan organization created in the 2019 defense policy bill to develop a multipronged U.S. cyber strategy.

Bolton noted there’s no direct indication Russian entities are responsible. However, the targets affected are what one might see during the beginning of a coordinated military campaign, she said.

Using denial of service indicates some level of restraint, which Bolton described as a bit atypical for Russia.

“Usually, [DDoS] doesn’t take you offline for more than a day,” she said. “It can be more serious, but it’s not like encrypting all their files or deleting all their files. Those would have really been significant attacks. But the concern is also, what’s next? Is this a smokescreen for a larger incident or attack?”

The critical infrastructure sector — such as energy companies — was not targeted, which could signal that if Russia was behind the incident, they either view the banking sector as more critical or they are following general rules of warfare by not knocking out power to the civilian sector in the dead of winter, Bolton added.
