Irish interests could be hit by ‘scorched earth’ Russian cyber-attacks

State body says risks low but experts expect retaliation against sanctions and condemnation of war

Russia is likely to launch a ‘scorched earth’ series of cyber-attacks which will leave State and commercial interests in Ireland vulnerable to significant damage, gardaí and private sector cyber security experts believe. Photograph: iStock
Russia is likely to launch a ‘scorched earth’ series of cyber-attacks which will leave State and commercial interests in Ireland vulnerable to significant damage, gardaí and private sector cyber security experts believe. Photograph: iStock

Russia is very likely to launch a "scorched earth" series of cyber-attacks which will leave State and commercial interests in Ireland vulnerable to significant damage, gardaí and private sector cyber-security experts believe.

Furthermore, it was predicted that the anxiety caused by the war would be exploited by for-profit cyber criminals looking to steal money from consumers via scam texts, emails and phone calls as happened during the Covid-19 pandemic.

Ireland's National Cyber Security Centre has said the risk of Irish targets being hit by Russian cyber-attacks as part of the fallout from the invasion of Ukraine is "low". However, many working in cyber security and law enforcement believe there is a high risk of "spill over" damage in Ireland.

This would involve Russia launching cyber-attacks seeking to destroy infrastructure and data in Western countries in revenge for the economic sanctions being placed on the country. These could result in malware and, to a lesser extent, ransomware indiscriminately spreading and damaging IT infrastructure and destroying data.

READ SOME MORE

The theory from Garda members and cyber security experts who spoke to The Irish Times was supported by remarks made this week by Minister for Foreign Affairs Simon Coveney, who said Ireland was more at risk from cyber-attacks as a result of the war in Ukraine.

‘Appropriate precautions’

"There is an increased cyber threat in our assessment. And we are taking the appropriate precautions in relation to that in terms of a heightened sense of awareness and concern in that space," he told Oireachtas Committee on Foreign Affairs and Defence.

In the days before the invasion began, Russia launched a wave of cyber-attacks on Ukraine. These were denial of service attacks, which sought to cut off access to Ukrainian government websites and other services. So-called wiper attacks, which seek to remove data and therefore disable computers and systems, were also launched.

Ronan Murphy, chief executive of Irish cyber security firm Smarttech247, said there had been a 25 per cent increase in cyber-attacks globally in the last two weeks, much of it associated with the war in Ukraine.

He expected Russia would decide to target the West with a “scorched earth” and that the goal would be the “destruction” of systems and data - especially within large utility providers - rather than offering to unlock systems and data if ransoms were paid.

"You can imagine when these sanctions, which Putin claims to be an act of war, start to bite in Russia. They will symmetrically attack with their very substantial cyber capability," he said.

“And the polarising nature of this war means it’s effectively the rest of the world and Ukraine against Russia. So nothing is off limits. He (President Putin) is looking at this and he’s saying ‘you guys are attacking us, you’ve launched an economic war on us, and we’re going to fight back’.”

Hacked the hackers

While it would be almost impossible for the West to directly attribute the cyber-attacks to the Russian government, Murphy pointed out the Conti ransom ware gang behind the HSE attack last year was itself a victim of a hack, by a Ukrainian among its ranks, last month.

Internal communications leaked by the hacker strongly suggested the Conti gang was an extension of the Russian state, he added.

The hacker released almost two years of internal chats within the Conti gang, with that leak coming just days after the gang published a blog post pledging its support for the invasion of Ukraine.

Murphy added that when Russia launched the NotPetya malware in 2017 it was aimed at the Ukrainian government and infrastructure in that country. But the attack - which encrypted victims’ data and demanded a Bitcoin ransom for its release - spiralled out of control globally, including back into Russia, and caused billions of dollars in damage.

There was significant risk, Murphy said, of a similar situation arising in the months ahead as Russia seeks to attack the West and, specifically, the governments imposing sanctions and condemning the invasion, including Ireland.

“What better way to undermine a government, to get their population frustrated? Take their health services down, their electricity, their oil and gas or their water, government services, because they’ve been hacked,” he said.

“I believe (Russia) has that capability and I fundamentally believe they will do it. If Putin is willing to blow up hospitals, with children inside…. He’s going to rain down fire. I’m under no Illusion whatsoever.”

Behind the curve

Murphy said that while the attack on the HSE had resulted in more awareness in Ireland about the risks posed by cyber-attacks, the State remained “behind the curve” in terms of putting in place necessary safeguards to stop another.

Those working to combat cybercrime also believe cyber gangs will seek to exploit the anxiety around the war to launch scams, mostly aimed at people’s bank accounts. The volume of these increased exponentially during the pandemic.

Garda sources said the latest Irish crime data showed a 72 per cent increase in fraud in the State in the year to the end of September.

Some major Irish banks became so concerned at the rate their customers’ were being targeted via scam calls, texts and emails that they issued warnings.

Bank of Ireland warned of a 184 per cent in the number of its customers targeted by fraudsters in the first six months of last year. The amount of money being stolen from customers was also five times higher than in the same period in 2020.

“You had a period where a lot of texts were going around for Covid testing, vaccines and a lot of people were getting the PUP and Covid vaccine certs and once you see a big jump in new activity, criminals will exploit it and they did that,” said one Garda source.

“Now you have the same anxiety around the war and large number of social media posts about it and fundraising efforts and so on. So a lot of the fraudsters’ efforts that piggybacked on the pandemic are jumping onto the war in Ukraine now. And they know people are emotional and anxious about the war and that makes it easier to suck them into clicking on links and providing bank account numbers.”

Conor Lally

Conor Lally

Conor Lally is Security and Crime Editor of The Irish Times