White House Denies Mulling Massive Cyberattacks Against Russia

The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia’s military operations in Ukraine.

The White House has denied reports that President Biden has been presented with an arsenal of ways to launch massive cyberattacks against Russia – attacks designed to disrupt the country’s ability to sustain its military operations in Ukraine.

NBC News on Thursday reported that the options included “disrupting internet connectivity across Russia, shutting off electric power, and tampering with railroad switches to hamper Russia’s ability to resupply its forces.”

Russia’s military forces have been deployed in a full-scale attack against Ukraine.

Within hours of the report, press secretary Jen Psaki said in a tweet that NBC got it wrong: “This report on cyber options being presented to @POTUS is off base and does not reflect what is actually being discussed in any shape or form,” she said.

The outlet’s sources – “two U.S. intelligence officials, one Western intelligence official and another person briefed on the matter” – told NBC that no final decisions had been made as of earlier on Thursday.

One of those sources said the possibilities range from the aggravating to the destructive: “You could do everything from slow the trains down to have them fall off the tracks,” said the source, who’d been briefed on the matter.

But that source also said that most of the potential measures on the slate of possible cyberattacks (a slate that, again, press secretary Psaki said was inaccurate) wouldn’t be destructive but would, rather, be designed to be disruptive, hence falling short of an act of war by the United States against Russia, according to NBC.

Would the U.S. Be Prepared for Retaliation?

NBC’s sources said that the purported slate of cyberattack options was presented irrespective of the likelihood that Russia would retaliate.

And retaliate it would, cybersecurity experts predicted, whether in response to sanctions, to any arms/material support the United States may choose to send to the Ukrainian resistance, or to whatever cyberattacks the country might launch.

Mark Moses, director of client engagement at application security provider nVisium, told Threatpost via email on Thursday that Russian cyberattacks against critical U.S. infrastructure and economic assets “will escalate rapidly if the United States takes a real stance against the annexation of Ukraine to Russia.”

In fact, government outfits and key businesses should already be bolstering defenses and ensuring that redundant systems are in place, he said, as defense against state-level actors “is at another level from defense against the average Internet threat actor.”

There’s already been a swirl of malicious cyber-action that’s coincided with Russia’s deployment of troops to Ukraine.

On Tuesday, a wave of distributed denial-of-service (DDoS) attacks hit institutions central to Ukraine’s government, military and economy, including banks.

In addition, cybersecurity firms ESET and Broadcom’s Symantec earlier this week reported that new data-wiping malware, dubbed HermeticWiper, was discovered on hundreds of machines on Ukrainian networks.

In a Thursday post, the Digital Shadows Photon Research team noted that researchers found that in some cases the malware had been compiled in December 2021, “indicating that the attack had been prepared in advance.” Other research identified that HermeticWiper was deployed directly from Windows domain controllers, “indicating [it’s] realistically possible that attackers may have had prolonged access prior to execution.”

Hitesh Sheth, President and CEO at cybersecurity company Vectra, told Threatpost that it’s “imperative” for the United States’ organizations and government bodies to fortify defenses while the government considers offensive options. “Going on the offensive without the right technology to defend ourselves in cyber space would be bad strategy,” he declared.

John Hellickson, field CISO and executive advisor at cybersecurity advisory services provider Coalfire, agreed that retaliation by Russia could have “devastating” impacts on essential services in the United States. He told Threatpost via email on Thursday that we’ve still got a lot of work here at home to ensure that such retaliatory attacks could be sufficiently thwarted, “as evidenced by very public ransomware and similar attacks of recent.”

Hellickson preached caution: “We need to avoid crossing the line of such considerations as it’s difficult to predict the impacts of a likely retaliation,” he advised.

More to Come

Digital Shadows is foretelling that Russia will launch yet more malicious cyber-action targeting Ukraine. Cyberattacks could extend beyond Ukraine, researchers predicted, with future attacks potentially affecting NATO and EU member states.

“This has already been observed with HermeticWiper impacting networks in Latvia and Lithuania,” Digital Shadows pointed out. The researchers compared the situation to the 2017 global NotPetya attacks: attacks allegedly tied to Russian military intelligence.

“It is also realistically possible that the financial services, energy, and oil & gas sectors in particular are under an increased risk from Russian aligned threat actors,” Digital Shadows suggested. “Targeting oil & gas in Europe, for example, could serve to cause concern among nation-states dependent on Russian energy.”
