Tampa Bay cybersecurity firms on alert as Russia-Ukraine fight raises threat

For weeks, public and private agencies have been warning Americans of the heightened threat of cyberattacks stemming from Russia’s military invasion of Ukraine.

The U.S. Cybersecurity and Infrastructure Security Agency said attacks in Ukraine “are likely to occur and may unintentionally spill over to organizations in other countries.” The Department of Homeland Security encouraged organizations of all sizes “to improve both their physical and cyber resilience.” The credit rating agency S&P Global Ratings said the economic impact of “a ratcheting up of cyber and counter cyberattacks between Russia and its perceived adversaries ... could run to the tens of billions of dollars.”

In Tampa Bay — home to the cottage cybersecurity industry surrounding MacDill Air Force Base, which houses U.S. Central Command and U.S. Special Operations Command — the warnings are not falling on deaf ears.

“Land war in Europe combined with sustained cyberattacks again stresses the need for what we do,” said Stu Sjouwerman, CEO of Clearwater cybersecurity firm KnowBe4. “The Kremlin may very well decide to let the West know that they have teeth, and so you get ransomware attacks on pipelines and power systems. That’s how we approach it.”

Joe Partlow, chief technology officer for Tampa company ReliaQuest, said companies with operations in eastern Europe are particularly concerned about — and potentially more vulnerable to — cyberattacks and data leaks tied to the conflict.

“A lot of them are more worried about the collateral damage and the fallout that might happen,” Partlow said. “It’s a little bit of the mercenary Wild West.”

The alerts surrounding the Russia-Ukraine conflict are similar to hurricane watches, said Bob Rudis, chief researcher at Boston cybersecurity company Rapid7, which opened a Tampa office last year. It’s an important time for organizations and individuals to be on heightened alert and make sure their best practices are in place and up to date — patching known vulnerabilities, preparing an incident response plan, backing up critical data offline and so on.

“None of us have seen, heard about or read about any direct cyber actions by Russia outside of the actual conflict area,” Rudis said. “But as things escalate, as more countries do show support for this, we could see the same tactics and techniques used by elite Russian-sourced hacking groups going after things like critical infrastructure.”

Even a single significant cyberattack on infrastructure could set off chaos with far-reaching effects, said Ron Sanders, director of the Florida Center for Cybersecurity, also known as Cyber Florida, at the University of South Florida.

“The Russian playbook uses cyber as what we call an asymmetric weapon — in other words, a little bit goes a long way,” Sanders said. “If they just sow a few seeds of fear and panic and it spreads like a plague, like a pandemic, mission accomplished on their part.”

One emergent tactic in the Russia-Ukraine battle is a form of malware called a wiper, which cybersecurity analysts say Russia has deployed against Ukraine in recent weeks. Such malware, also known as destructionware, wipes data from computers, rendering them unusable. A similar attack took place against Ukrainian infrastructure systems in 2017, eventually spreading to cause a reported $10 billion in damage around the world.

“With ransomware, you at least have a chance of getting your data back,” Rudis said. “Destructionware can actually cripple an organization.”

Not all threats are coming from Russia.

On Monday, Czech firm Avast reported that scammers are already exploiting relief efforts by posing as Ukrainians or organizations asking for aid, often in the form of cryptocurrency like Bitcoin.

Conflicts like these can spur activity among hacker groups that have no affiliation or allegiance to either side, simply because the market for data and initial access points becomes more lucrative. Those seeking that data can buy or trade for it, rather than hacking it themselves, and then “go do whatever else they plan on doing, whether it’s ransomware, destructionware, stealing police secrets or something like that,” Rudis said.

For both organizations and individuals, an important step is enacting multi-factor authentication “for literally anything you possibly can,” Rudis said, ideally through an app rather than SMS text messaging. Some of the more popular apps include LastPass, Authy and Google and Microsoft Authenticator.

“It’s the basics that usually bite people when they get infected with this stuff,” Partlow said. “Make sure you’ve got your backups up and running, patches up to date, maybe a heightened awareness for phishing and malware. It may not be direct Russian or Ukrainian attacks against you, but it could be collateral from other criminals taking those tactics and techniques.”