The prospect of cyber attacks targeting critical infrastructure worldwide has been raised in the media again, after reports that researchers have identified state-sponsored Russian hackers as being responsible for a wave of infections involving malicious malware called VPNFilter. 500,000 routers and storage devices in a total of 54 countries have reportedly been harnessed in preparation for the campaign.
VPNFilter is believed to be linked to a Russian state-sponsored hacking group, possibly a particularly active one known by a variety of names, including @FancyBear and @Sofacy. The malware code has similarities with that used in previous attacks blamed on the Kremlin, such as the breach of the Democratic National Committee network during the 2016 US presidential elections.
VPNFilter could be used for cyber espionage purposes, as well as to launch attacks on critical infrastructure, such as those directed against energy facilities in Ukraine in recent years.
Ukraine has been identified as a possible target for the latest predicted attacks, due to a sudden rise in the number of infections seen there. Cisco researcher Craig Williams said Russia could be preparing to launch new attacks against the country on or around 28 June, when Constitution Day in Ukraine is celebrated.
Shortly after reports about this new threat surfaced, however, the Ukrainian security service said its experts believed Russia was preparing for “another act of cyber aggression, aimed at destabilising the situation during the Champions League final", which takes place on Saturday, 26 May.
Less than a day later, it was announced that any attacks may have been thwarted, as FBI agents had seized control of a major server believed to be hosting the VPNFilter botnet. The action was taken when a US court ordered the registrar VeriSign to hand control of the ToKnowAll.com domain to the FBI.
Meanwhile, speculation has centred on the possibility of major western companies and sponsors of the World Cup being targeted in sophisticated campaigns involving both Russian state-sponsored hacking groups and nationalist hacktivists carrying out their own independent attacks. There have also been suggestions that the UK’s critical infrastructure could be targeted.
Certainly, the Kremlin has its sights set on the UK. Diplomatic relations have fallen to their lowest ebb since the Skripal poisonings in Salisbury, with the UK accusing Moscow of having organised the attacks, and Russia vehemently denying any involvement and demanding proof. As well as the predictable tit-for-tat diplomatic expulsions between the two countries, the UK government announced that it intended to initiate new legislation to clamp down on the money-laundering schemes which Russian oligarchs have been permitted to operate in London since the fall of the Soviet Union in the 1990s. Earlier this week, Roman Abramovich, owner of Chelsea FC (and a range of other extremely lucrative and expensive assets in the UK) had his visa denied and was reportedly prevented from returning to London to watch his team win the FA Cup.
However, it would appear to be unlikely that Moscow would launch damaging cyber attacks against UK companies or infrastructure while the World Cup is taking place. This is a prestigious competition: Russia, for all the bad press it gets, is nevertheless anxious to attract economic investment, and will thus aim to present itself as a functioning, welcoming country.
For its part, as the World Cup begins, Russia will be concerned that its own infrastructure will be the target of cyber attacks launched by state-sponsored hackers acting under the auspices of various ‘unfriendly’ countries: Ukraine could certainly be planning a campaign, as could the UK. The events in Syria, where Russia has a high military presence, could also inspire pro-ISIS hacktivists to attempt to disrupt the competition, whether in the cyber sphere or via physical terrorist attacks.
Hopefully, the World Cup will proceed with few or no notable problems. Assuming this to be the case, it is nonetheless entirely possible that Kremlin-sponsored hackers will instead choose to launch serious attacks on UK infrastructure and companies after the tournament has ended.
Indeed, in a report broadcast earlier this week, Nicholas Watt, the political editor of BBC’s Newsnight, claimed a “government insider” had told him the following: “There is a debate going on in government. Things are eerily quiet on the Russian front. What this minister said is that Moscow is biding its time for the World Cup. Let that happen, and then Russia will be after the UK, not through traditional warfare, but through warfare through the internet. This minister, who would know Russian capabilities, said they have the ability and may well decide, for example, to stop the City of London functioning.”