These days it’s not only on battlefields where wars are fought and, amid Russia’s invasion of Ukraine, there are concerns that cyberattacks could hit European countries.
Lithuania’s central bank has warned the country’s banks to prepare for power cuts and cyber attacks.
The country shares an electricity grid with Russia, along with its Baltic neighbours Estonia and Latvia. The government in Riga also fears cyberattacks.
It comes as the Anonymous “hacktivist” collective recently attacked Russian banks and ministries, crashed Russian TV stations and propaganda sites, and has made public thousands of confidential Kremlin documents.
According to Lithuania’s central bank, financial companies should have contingency plans in place for cyber attacks such as ransomware and distributed denial of service (DDOS) attacks, in which cybercriminals try to overload a network with high volumes of data traffic. The bank also told other lenders to prepare for a breach similar to the 2021 cyber attack on SolarWinds, linked to a Russia-based agency that targeted hundreds of companies and organisations.
The European Central Bank (ECB) itself has raised the alert and some banks and companies are already testing their ability to withstand such a threat.
The UK’s National cyber security centre warned organisations to monitor their cyber resilience after detecting an increase in ransomware attacks from Russia. The head of Germany’s Federal Financial Supervisory Authority BaFin, Mark Branson, also warned of the worrying interaction between cyber warfare and geopolitics.
Similarly, Italy’s national cybersecurity agency has warned that Russia’s invasion of Ukraine will increase “the cyber risks to which Italian companies that have relations with operators located on Ukrainian territory are exposed”.
Private companies enter the fray
Last Wednesday, just hours before Russian tanks began entering Ukraine, an alarm was raised in Microsoft’s Threat Intelligence Center by a never-before-seen malware targeting Ukrainian government ministries and financial institutions.
Within three hours, Microsoft launched itself into a cyberwar against an enemy fighting thousands of kilometres away.
The threat centre, north of Seattle, was on high alert and quickly disassembled the malware, named it FoxBlade, and informed the highest Ukrainian cyber defence authority.
Within three hours, Microsoft’s virus detection systems were updated to block the code, which erases all data on computers in a network.
‘Prepare, don’t panic’
Sandra Joyce, head of global intelligence at the cybersecurity firm Mandiant, is of the opinion that “we should prepare, but not panic because our perceptions are also the target”.
Joyce added that many Western governments and companies are prepared to handle these Russian-backed attacks.
The danger of cyberattacks, in any case, is at the top of the European Union’s concerns. The President of the European Commission, Ursula von der Leyen, mentioned “hybrid and cyber-attacks” in a tweet on 15 February when presenting Brussels’ new European defence guidelines.
In Ukraine, these attacks are ongoing. After a malware attack in January crashed the computers of several government agencies, two large Ukrainian banks and the Ministry of Defence website were hit.
Mykhailo Fedorov, Ukraine’s minister of digital transformation, said it was the most serious attack of its kind on the country.
One week ago, in response to Ukraine’s request, Lithuania, the Netherlands, Poland, Estonia, Romania and Croatia activated the Cyber Rapid Response Team to help Ukrainian institutions “to cope with growing cyber threats”.
It was the first time an EU military project under the Permanent Structured Cooperation (PESCO) framework entered an operational phase.
Risk for Europe
MEP Bart Groothuis said that the same malware attacking critical infrastructure in Ukraine has already been detected in Latvia and Lithuania.
The European Union Agency for Cyber Security has issued guidelines to strengthen the security of public and private organisations in Europe in response to the war in Ukraine, amid similar moves in the US and UK.
Lithuania, the Netherlands, Poland, Estonia, Romania, and Croatia were planning to send a team of cybersecurity experts to Ukraine. Then the invasion started and it was no longer possible.
Meanwhile, the EU’s foreign service and national cyber response teams also played out an imaginary scenario in which a cyber attack from Blueland, an imaginary country that looked a lot like Russia, causes breakdowns in hospitals and power plants across Europe.
The imaginary attack caused casualties, triggered EU sanctions, and the activation of a mutual defence clause in the EU treaty, which was last used when terrorists attacked Paris in 2015.
Several technology associations from Romania, Moldova, Lithuania, Slovakia, Estonia, Hungary, Poland, and Finland have called on EU leaders to implement a ‘digital shield’. Because experts do not wonder if there will be a very harsh cyber attack against European infrastructure. Experts wonder when this attack will take shape.