As one of the bloodiest wars in Europe since Hitler was alive rages across Ukraine, one concern is what types of cyberattacks will be waged by the Russians. While it may seem minor in comparison to the very real bloodshed occurring across Ukraine, cyber warfare can and does have very real life and death consequences, and this may be one of the first wars where the world sees that up close.
Already there have been reports of data-wiping software found on hundreds of computers throughout Ukraine, and although the origins are still unclear, it is thought by security experts to be an attempt by the Russians to attack the infrastructure of Ukraine.
What is known is that the software has infected hundreds of computers in Ukraine and was likely released in late 2021. Most of the infected computers are in banks and other financial institutions in Ukraine, but it is thought that it may be undetected elsewhere in Ukraine and perhaps throughout Europe as well.
The cyberattacks need pre-existing domain access to work, meaning the infected computers had been compromised before the code was installed, which suggests that Russian hackers have been at work for months prior to when the code was installed.
How Did We Get Here?
Russia does have a history of waging cyber warfare attacks against Ukraine dating back over a decade. They started to seriously ratchet up their attacks in 2015 when they breached the Ukrainian power grid, which led to severe outages across the country.
Petya and NotPetya were a series of malware attacks that spread across the world in 2016 and 2017 aimed at banks, government institutions, utilities, and businesses in Ukraine. The attacks were aimed mainly at Ukrainian entities but did spread throughout the world, with Germany also affected at a significant level.
One of the scarier entities hit was the system that monitors the radiation at the former site of the Chernobyl nuclear reactor. The attack would overwrite code on the computers causing permanent damage, and also demand ransom to be paid in Bitcoin to remove the virus, even though the permanent damage had already been sustained.
Russian Cyber Attacks in 2022
The fear has been that the Russians would unleash severe cyberattacks against Ukraine, and perhaps the world, as they waged their conventional war, although so far that does not seem to be the case.
Russian cyber aggression thus far has been mostly limited to Denial of Service (DoS) attacks against Ukrainian networks. While these can cause problems, DoS attacks are relatively unsophisticated and typically do not cause excessive, long-term damage.
There has also been a series of phishing attacks throughout Europe, coming from neighbouring Belarus, that use the compromised accounts of Ukrainian armed service members. So far that damage has been limited as well.
In mid-February of this year, another data-wiping program was found in Ukraine with ties to Russia, but it also caused relatively minor damage to Ukrainian utility companies. Microsoft detected the code very quickly, notified the Ukrainians, and a patch was issued shortly thereafter to render the malware ineffective.
While it is crucial to maintain an extremely high level of vigilance, thus far the cyberattacks waged by Russia appear to be limited in severity.
Russian Cyber Warfare Capabilities
It was thought that the Russians would release severe cyberattacks against Ukraine and the West as a whole. Thus far that has not happened. So the question is, are they waiting for the right moment, or have their capabilities been vastly overestimated by Western intelligence?
So far the Russians have unleashed massive artillery attacks on several densely populated civilian areas with no legitimate military tactical targets, as well as a nuclear reactor, so the evidence points to restraint not being part of their modus operandi. Also, there are credible reports of low morale among Russian troops, and a massive convoy stalled outside Kyiv due to a botched logistics operation and internal sabotage. So the evidence at this point certainly suggests the Russians may not have the cyber warfare capabilities that had been feared.
Ukrainian Attacks Against Russia
The Ukrainians have launched cyberattacks against the Russians as well. It is known that government officials have contacted cyber security experts in their country and have begun planning and implementing attacks aimed at Russia.
As of now, the strategy appears to be twofold, with the first objective being to hinder Russia’s infrastructure and their ability to get weapons and needed supplies to their warfighting effort in Ukraine. Railways and the electricity grid are thought to be some of the most important targets.
The Ukrainians are also using cyberattacks to spread propaganda, or more accurately, the truth, around Russia. Many Russian government and financial institution websites have been attacked, taken offline, and sometimes replaced with antiwar messages.
Biden Presented with Options
There are credible media reports that President Joe Biden has been presented with many large-scale cyberattack plans to be used against Russia. Officials are said to be weighing the options and there is a divide among those in the administration about how far to go and how soon to start the attacks.
One camp does not want to intervene as it may be seen as an act of war by the West and a violation of the NATO agreement. Others say it can be done clandestinely, leaving Russia without clear proof as to the origin of the attacks.
It is almost a certainty that the US has the capability to launch a severe cyberattack against Russia. One only needs to look back in history at other attacks that have already occurred. The infamous Stuxnet attacks that destroyed the Iranian nuclear program are generally believed to have been a collaboration between the Israeli and American governments, although to this day nothing has been acknowledged or proven.
The options are said to include disrupting the Russian railroad system, which could cause anything from delays to cars actually being knocked off the tracks. The idea would be to cause physical damage to their capability to resupply their troops in Ukraine and not to cause injuries to people, according to the reports.
Anonymous Attacks Against Russia
One of the most significant developments of this war is the volunteer hackers around the world launching a series of uncoordinated attacks on the Russian government and infrastructure. While similar attacks have occurred in the past, notably in the Syrian Civil War between 2012 and 2016, nothing has come close to the scale we are seeing against Russia. Some attacks have been waged against Ukraine as well, although at this point they seem mostly aimed at Russia.
The Russians have had several government websites knocked offline and some rail operations in Belarus have been disrupted. Since it is difficult to tell exactly where attacks are coming from, and who is behind them, it has blurred the line between nation-state actors and amateurs acting on their own behalf.
The Risk of Escalation
On March 4th, 2022, Ukraine was admitted as a contributing member to the NATO-accredited Cooperative Cyber Defence Centre of Excellence (CCDCOE), a cyber knowledge hub, research institution, and training and exercise facility. While it is not the first non-NATO member to be admitted, it is significant because Russia’s motive for this war is to maintain a physical buffer against the eastward encroachment of NATO. The CCDCOE was formed in 2007 after Russian cyberattacks in Estonia.
Clearly, Ukraine and NATO states are taking the threat of Russian cyber aggression very seriously, as they have to. How Russia reacts remains to be seen, but they typically use these types of actions to justify further escalation.
The Future of Cyber Warfare
Both the immediate and distant future of cyber warfare remain unclear. What is known is that it is here to stay and will certainly be a major issue for years to come.
We do know that Russia is engaging in cyber warfare attacks against Ukraine as well as NATO nations in Europe and North America. While so far they have been relatively minor, there is no guarantee that will continue. Security professionals must be extra vigilant to protect against attacks from the Russian government, Russian sympathizing civilians, and plain old run-of-the-mill criminals.
Additionally, we do know that the United States and probably many other countries do have significant cyber warfare capabilities, many of which have probably never been released before. If the US is able to derail a Russian train full of military supplies, it would be a historic event, and also almost certainly be seen as an act of war just as much as a bomb or missile, which clearly runs the risk of escalating things.
There is reason to be optimistic that the Russian cyber warfare capabilities have been overestimated, but cybersecurity professionals around the world must take the threats seriously. There is little distinction between government, military and civilian targets, and it is safe to say that Russia will take advantage of any weaknesses or vulnerabilities they are able to exploit.