Russia could cyberattack Ukraine — again — and disrupt the entire world
SCOTT SIMON, HOST:
Russian troops are massed on the border, and many Ukrainians are enlisting for military service. But an on-the-ground invasion isn't Russia's only option. President Putin could launch an all-out cyberattack that could disrupt the entire world. To understand just how devastating cyberattacks can be, you actually need to go back a few years to the summer of 2017. And here's NPR's cybersecurity correspondent, Jenna McLaughlin.
JENNA MCLAUGHLIN, BYLINE: Matthew Olney remembers the day he found out about a catastrophic cyberattack in Ukraine that shut off, well, everything.
MATTHEW OLNEY: I was at Starbucks, and my phone rang. I was waiting in line. It was, you know, our partner on the ground in Ukraine. And basically, the first words out of his mouth was essentially everything is off. Nothing is working.
MCLAUGHLIN: Russian military hackers had attacked energy firms, banks and government agencies in Ukraine through a popular tax filing software program pretending to be criminals. But their goal was to cause destruction. Olney's team of threat intelligence researchers at the tech company Cisco were working with Ukrainian authorities to track malicious hackers. While Ukraine was the intended target, the nasty code got out and spread to companies around the globe, costing them billions of dollars.
OLNEY: So the attack clearly wasn't just at the infrastructure of Ukraine, but it was at the very ability of Ukraine to deal economically with the world.
MCLAUGHLIN: Ukraine has been a punching bag for Russian cyberattacks for years, but things have heated up lately as Russian President Vladimir Putin has sent large numbers of troops and equipment to the border. Everyone's on edge.
VIKTOR ZHORA: We understand all the risks connected to potential cyberattacks that can happen in the near future.
MCLAUGHLIN: Viktor Zhora is a senior cybersecurity official in Ukraine.
ZHORA: And our task is to be ready to this, understand all the risk, and be prepared to resist.
MCLAUGHLIN: Zhora is leading an investigation into a recent breach. Likely Russian hackers defaced dozens of government websites and destroyed several computers at government agencies. The websites are back up, and the damage has been contained. But Zhora says the intelligence gleaned from the attack could be valuable, particularly when it comes to critical infrastructure in the energy sector.
ZHORA: Ukraine has a long history of being a target for cyberattacks and particular in energy sector, like it happened in 2015 and 2016 with attacks on the power grids. And now we use this experience and new technologies and awareness to provide resilience.
MCLAUGHLIN: He says Ukraine has new cybersecurity requirements for key public facilities. The state department has people on the ground helping build technical capacity for one. But it's a big challenge. Vulnerable, pirated software is still extremely popular in Ukraine, and it's very difficult to keep Russian hackers out. Remember that NotPetya attack? It's not just a nightmare Ukrainians are hoping to stop from repeating. It's also a cautionary tale for the rest of the world.
VISHAAL HARIPRASAD: It really reminds the industry of 2017 and the NotPetya attacks. And, you know, that's - that was the last major cyberevent before the ransomware epidemic that really hit home for a lot of folks. So it's top of mind for many insurers.
MCLAUGHLIN: That's Vishaal Hariprasad. He goes by V8, and he's the CEO of Resilience Insurance. He says the industry is bracing for the possibility that the escalating situation in Eastern Europe might not stay contained there. But, like in Ukraine, he hopes the lessons of the past have sunk in. During NotPetya, hackers exploited vulnerabilities that had patches available. And companies that had kept their software up to date were protected.
HARIPRASAD: So what we've been sharing with a lot of insurers is, don't worry too much about who's pulling the trigger necessarily. From an enterprise perspective, if you're going to get caught in this crossfire, do your best to patch, to make sure that you've addressed the right vulnerabilities.
MCLAUGHLIN: And as an additional layer of protection, the U.S. government has put out some advisories specifically about Russian hackers' favorite tools and tricks. Plus, DHS's cyberagency CISA says companies should be wary of digital traffic coming from Ukraine amidst the ongoing crisis. Jenna McLaughlin, NPR News, Washington. Transcript provided by NPR, Copyright NPR.