Canada's federal cyber security authority, the Canadian Centre for Cyber Security (CCCS), has been warning operators of critical infrastructure to harden their defences against cyber attacks stemming from the current conflict in Ukraine. Since the notice was issued in late February, we have seen the hazards alluded to by the CCCS increasingly crystallize. For instance, we have already seen the first known attack on Canadian infrastructure—Rio Tinto’s smelter in Quebec—by Russian cyber criminals, with the presumed intention to send a message to countries supporting Ukraine.
Unsurprisingly, the bulk of reported cyber activities from Russia have been directed at Ukraine, with reports of attacks on government websites, a major internet provider, banks, and possibly even a satellite network. As of early March it was already estimated that cyber attack attempts on Ukraine had increased tenfold. However, with Russia now partially banned from SWIFT and facing unprecedented levels of sanctions and opprobrium, Western governments are warning of imminent reprisals. Infrastructure, both public and private, may be specifically targeted, including financial institutions and utilities.
The Ukrainian government has also linked up with private hackers to use their talents to attack Russian and Belarusian companies, banks and government organizations. Recruits from around the world are purportedly flocking to assist Ukraine in defensive and offensive cyber operations. Naturally, as Ukraine seeks allies around the world, its cyber activities have been confined to Russia and Belarus.
The threat to both critical infrastructure and private business more generally is not limited to attacks by the actual states in this dispute, or even their nation-state allies. Private third parties have intervened since the beginning of the conflict as well, creating an even less predictable state of affairs. We have seen, and expect to see more, activity from criminal organizations such as Conti, which publicly announced its support for the Russian government and threatened to target the critical infrastructure of anyone who was a threat to Russia. While Conti is effectively a profit-driven ‘ransomware-as-a-service’ (RaaS) operation with over 400 ransomware attacks in the United States and abroad, its reported connections to Russian intelligence and its public support for Vladimir Putin may lead it to attack foreign targets in campaigns sympathetic to Russian initiatives. Conti has not hesitated to attack Western infrastructure in the past, and recently took credit for shutting down an Australian electric utility.
Among those answering the call to retaliate against Russia are Anonymous, the mysterious hacktivist collective, and the Cyber Partisans, who collectively launched successful attacks against Russian banks, Russia's state broadcaster, the Russian state space agency, and a Belarusian rail network used to move Russian troops into Ukraine. On March 19, 2022, Anonymous put Western companies still doing business in Russia (many of which it called out by name) on notice that if they did not withdraw within 48 hours, they too would become targets of the collective.