RUSSIA, China or Iran may launch opportunistic cyber strikes to capitalise on the chaos caused by the Crowdstrike IT outage, Whitehall sources warned last night.
While accidental, the infection of Crowdstrike’s antivirus update with bad software carries remarkable similarities to deliberate cyber attacks already carried out by Russia in the past.
Both the NotPeya ransomware attacks in 2018 – which cost some firms hundreds of millions of dollars – and the SolarWinds cyber strikes in 2023 were both achieved by installing a simple piece of malicious code to a software update and sending it out to clients.
“Friday’s outage was accidental and profoundly significant. But we are aware that the impact of the outage, such as disruptions to services ranging from banking to transport, would have been monitored closely by bad faith actors, and these include our strategic adversaries,“ said one senior army officer with connections to Whitehall last night.
“It is quite possible that these will attempt to capitalise on what happened on Friday, and we are alive to this threat.
“This is what cyber warfare is about – finding innocuous ways which have a profound effect on the continuity of daily life, and the will of a population to withstand. “
Cyber expert Hand Horan, of the Proximities strategic risk group , said: “It is well known that the SolarWinds hacks were caused by Russia inserting malicious code to a software update and uploading it to a client.
“Events like the Crowdstrike outage just reconfirm to Russia that the West is wholly unprepared to withstand these threats, and offer fresh encouragement to attack the West by infecting our systems and gaining access to privileged information or to obstruct them altogether.”
Ministers fear a deliberate cyber-attack could cause “even worse” disruption and are stepping up work on a new Cyber Security and Resilience Bill, which was already expected to come before Parliament within a year.
A Department for Science, Innovation and Technology official said: “The disruption we have seen over recent days highlights just how much we have come to depend on digital technologies in so many aspects of our lives: at work, on holiday, on television, for our health and wider public services.
“It is because so much of our lives are reliant on this technology that we have to protect against cyber attacks which have the potential to cause even worse disruption.
“As soon as this government won the election we took immediate steps to begin legislating to protect public services and the third party services they use.”