Peter Suciu | nationalinterest.org »
While the Ukrainian military was focused on countering Russian forces on the ground, the government was also preparing to protect the country from cyber threats.
While few on the ground are likely to complain, a lingering question among military pundits is why Russia has failed to establish air superiority over the skies of Ukraine. Notable experts are also wondering why Russia failed to unleash a full-fledged cyber campaign. Russian hackers had been conducting targeted cyber strikes against Kyiv in the days and weeks leading up to the ground assault, but no significant strikes have been launched since the invasion began.
“I am not a strategic military analyst, but from what I’ve seen, Russia has already gone kinetic—they have boots on the ground,” explained Kevin Novak, managing director of cyber security firm Breakwater Solutions.
“The use of cyber-attacks will be purely complementary,” Novak said via email. “They will be used to debilitate Ukraine’s military capabilities, create economic pressure to surrender, and shift public opinion in their favor. It may also be used as a means by which to compensate for sanctions imposed globally against Russia—something that will not be confined to Ukraine alone. Several news reports have already cited seven to eight times increases in Russian-based phishing attacks around the world over the past week.”
No Holding Back
It would also be unwise to suggest that Russia is truly holding back, as it actually engaged in cyberattacks even before the first shot was fired.
“While the West waits for the big cyber attack to hit, the attacks have already occurred against the people on the ground in Ukraine, Belarus, and Russia. The cyberattacks began in the days leading up to Putin’s announcement and subsequent military attacks against Ukraine,” said Chris Olson, CEO of The Media Trust, a digital safety platform.
The Media Trust reported a five-fold increase in malware delivery to local devices on February 21 and 22 relative to February 1 through 20. “It’s not surprising that multiple mechanisms were used,” added Purandar Das, CEO and co-founder of cybersecurity research firm Sotero.
“Given the timeline and activity, it would appear that the attacks were planned well in advance and executed. If the attacks were already on the cards, ransomware attacks would be an ideal disguise since they are occurring all the time and target pretty much everybody,” warned Purandar. “Deploying more harmful and insidious malware under the ransomware label would in theory enable the attacker’s motives to remain undetected longer.”
It may simply be that we haven’t seen the worst of it yet. “The cyber war has already begun as Russia has already started their multi-pronged campaign that includes social media. However, we can only see when disruption has occurred,” explained Sanjay Raja, vice president of product marketing and solutions at cybersecurity firm Gurucul.
“Most likely they are also exfiltrating a lot of data and even planting malware that can be awakened at some point,” Raja added. As we know, threat actors, including state-sponsored groups, usually attempt to stay undetected till they are ready or pursue their objectives in a limited fashion over time to continue unabated. It is possible Russia has not shown their cards yet and will methodically execute more campaigns over time based on how the conventional invasion progresses.”
A Solid Defense
Experts note that while the Ukrainian military was focused on countering the invading Russian forces on the ground, the government was also prepared to protect the country from cyber threats. “I’m quite certain that Ukraine is doing all it can to defend against Russia and is undoubtedly employing cyber defenses in a similar fashion, as best it can,” said Novak. “We’re also seeing allies – possibly public, and definitely private—to both sides entering the ring, and at least from a cyber perspective, we may be looking at a more global initiative.”
It is also possible that Russia may have already gained a foothold into other Ukrainian public and private sector entities that simply haven’t been detected yet. “I suspect we’ll see more over the coming weeks,” Novak continued. “Russia may also be gauging public opinion and political backlash from their actions so far, or they may somehow be impaired. That is a good question for our intelligence community.”
Hackers Picking Sides
What is also notable about the war in Ukraine is that hackers have vowed their support. Some cybercrime organizations, including the major Russian-based Conti gang, have pledged to target the nations that have imposed sanctions on Russia. Meanwhile, the hacker collective Anonymous vowed to target Russian businesses and the government in response to the unprovoked attack on Ukraine.
The fact that the hackers are taking sides could be quite significant. “The Conti gang threat is credible, and confirms an operational assumption already adopted by U.S intelligence officials: the Russian-Ukrainian conflict will have many cyber casualties in both the public and private sector,” said The Media Trust’s Olson.
“Thanks to the number of digital channels in use by modern organizations, compromising critical infrastructure is a task within reach of even low-skill cyber actors,” Olson warned. “For instance, attackers can exploit the digital advertising ecosystem to target specific organizations and executives with a malicious campaign that installs a backdoor for future attacks.”
In the wake of Russia’s invasion of Ukraine, Anonymous claimed that it was responsible for disabling websites belonging to the Russian oil giant Gazprom, the state-controlled Russian news agency RT, and numerous Russian and Belarusian government agencies, including the Kremlin’s official site.
“Russia may be using bombs to drop on innocent people, but Anonymous uses lasers to kill Russian government websites,” an Anonymous-affiliated social media account announced this week.
The actions from the collective could be enough to spur others to help Ukraine’s cause. “There are a great number of very talented cyber-professionals, both white and black hat, around the world; many of whom are significantly critical of Russia for its actions over the past couple weeks,” said Novak. “A concerted effort by a large contingency of those talented individuals; particularly if organized, could definitely cause significant harm to Russia, and could be a contributing factor as to why we aren’t seeing even more action from Russia. Unfortunately, I’m not confident that these efforts would be immediate, impactful, or long-lasting enough to prevent significantly more loss of life, and possibly even the collapse of Ukraine as we know it today.”