The rapid escalation of the Ukraine-Russia conflict means Australian organisations should “urgently adopt an enhanced cyber security posture”, government cyber security experts have warned as newly imposed sanctions crystallise the risk of retaliatory cyber attacks by Russia-backed cybercriminal operators.

The warnings – contained in a high-priority Australian Cyber Security Centre (ACSC) Technical Advisory – emerged last week after Australian Prime Minister Scott Morrison announced targeted sanctions at Russian President Vladimir Putin and his Russian collaborators to what he called the “unjustified, unwarranted, unprovoked, and unacceptable” invasion of Ukraine.

Russia’s ambassador labelled the sanctions “xenophobic”, a claim that was dismissed out of hand by Australian government officials – yet as the conflict intensifies under Russia’s new threat of nuclear escalation, reprisals are likely to come in many forms.

And while Australia is 15,000km from Ukraine, experts believe fallout from the sanctions – and Australia’s decision to support Ukraine as well as allies the United States of America and United Kingdom – could drive a surge in targeted cybercriminal activity.

Noting a “historical pattern of cyber attacks against Ukraine that have had international consequences,” the ACSC warned that “malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities.”

Australian organisations should urgently review and improve their cyber security incident detection, mitigation, and response measures, the ACSC recommended, including making sure that logging and detection systems are “fully updated and functioning”.

Organisations should also make sure their cyber incident response plans are up to date, and review their business continuity planning to ensure they can keep operating in the event of direct or collateral damage as the real-world conflict spills online.

“Russian cyber attacks are a form of power projection and will be the way the Russians try to punish Australia for our political stance,” warned professor Matt Warren, director of the RMIT University Centre for Cyber Security Research and Innovation.

As the local consequences of the distant war become clear, Warren warned local organisations to be ready for a range of attacks ranging from denial-of-service campaigns, website defacement, ransomware, and theft of information via hacking.

“These attacks will potentially impact all aspects of Australian society,” he said, “and will test our ability to protect against cyber attacks at this scale.”

Answering the call to cyber arms

The warnings echoed similar cautions by cyber security authorities in the UK and US, where the Critical Infrastructure Security Agency (CISA) issued a ‘shields-up’ advisory warning that “every organisation – large and small – must be prepared to respond to disruptive cyber activity”.

That activity has ramped up in the days before and during the invasion, with Ukraine authorities reporting a surge in Russian cyber attacks described as “on a completely different level” as the country matched its physical invasion with a range of attacks on Ukrainian banks, defence, and other institutions.

Hacking group Anonymous said it had focused its sights on Putin’s regime, and has already been credited with hacking Russian state TV channels and the country’s Ministry of Defence database.

Varying allegiances could even drive a battle royale between cybercriminal gangs, with the Conti ransomware gang announcing that it would target the critical infrastructure of anybody who targets Russia with cyber attacks.

Scammers, too, have wasted no time taking advantage of the conflict, with ESET reporting campaigns such as the promotion of cryptocurrency tokens supposedly designed to benefit the Ukraine.

Australian companies and individuals should expect the volume, nature and impact of cyber attacks to continue as the conflict plays out, warned Kurt Hansen, CEO of Australian cyber security firm Tesserent.

“The war between Russia and Ukraine is causing a lot of confusion,” he said, “and cyber-criminals will try to exploit this stress when carrying out attacks.”

Criminal actors from other countries may also join in the fray, exploiting this chaos for their own purposes.

“There is increasing concern that Australia’s sanctions against Russia might provoke state-based attackers seeking to cause collateral damage in critical infrastructure – hospitals, electricity, gas, water, tolls and so forth,” Hansen said.

“All of Australia’s critical infrastructure is connected to the internet, so there is a large attack surface. Everyone needs to be reminded to be on their guard and to check links they are clicking online, and not forget to take the necessary precautions.”