Podcast 🎧 & blog: Is cyberwarfare part of Russia’s plans in Ukraine?
Something might have caught many observers by surprise in Russia’s ongoing invasion of Ukraine. After a solid history of cyberthreats that could be linked back to the Federation’s territory, cyberwarfare does not seem to be playing a major role in the attackers’ plans this time. As it did instead in 2007, during
It hasn’t been the same in the past, and no one can guarantee that the current situation won’t change in a matter of weeks, or even days. Perhaps particularly when, on the ground, the Russian army appears not to be advancing at the pace initially envisioned by the architects of the invasion.
Let’s look at what is happening with the help of Merle Maigre, Senior Cybersecurity Expert at e-Governance Academy and former top NATO diplomat in this field.
As the offense rages on, signs of a cyberwar are scant
With every day that passes, the humanitarian tragedy caused by this war becomes increasingly severe. We leave the account of that side of events to media outlets around the world; just as a reminder, over two million refugees have by now been forced to leave the country, according to the Operational Data Portal of the UNHCR.
From a digital perspective, instead, it is rather interesting that cyber activity has played a remarkably small part in the war in Ukraine so far. “What we are seeing, instead, is a sort of more traditional, kinetic kind of warfare. Trenches dug by Ukrainian soldiers, Russian tanks rolling through the cities. It is surprising that the Russians haven’t tried to restrict internet access in Ukraine, as they did when occupying Crimea in 2014,” Maigre points out.
It almost looks as if Russia, in this sense, is holding back. “Before the war started, several experts thought of what Russia could do in the event of a military attack. Three types of campaigns in the cyberspace could support its military objectives: 1) intelligence-gathering operations; 2) operations aimed at disrupting the Ukrainian military; 3) psychological operations against the Ukrainian public,” Maigre outlines.
To some extent, a few of these things happened. But the cybersphere is a battlefield for grey zone conflicts, that is, for times when the situation sits unclearly between peace and war. “Once the war breaks out, the cyber becomes much less useful for anything but very tactical objectives in support of kinetic operations,” Maigre says.
Cybercriminals as digital, auxiliary troops to let loose
Does that mean we can overlook the cyber-side of the conflict? Absolutely not, Maigre warns in our conversation. First, because we might – sadly – still be at the inception of the conflict. Secondly, it is possible that cyberthreats won’t appear in the form of state-sponsored attacks, but rather through proxy troops such as gangs of cybercriminals.
“There is an army of cyber proxies, cybercriminals, waiting to be let loose – though that hasn’t happened so far. To put things into perspective, nearly three quarters of all revenue generated through ransomware attacks in 2021 went to cyber criminal groups based in Russia. So, we can imagine the size and power of these groups, which are already somewhat organized forces. And we know where their loyalty lies,” Maigre says.
Screenshot from Twitter
In fact, one such group has recently voiced its open support for the Russian government and its actions: the hackers behind the Conti ransomware operation, who knocked out the Irish national health service (among others) for a week last spring. They announced they would use “all possible resources to strike back at the critical infrastructures of an enemy” in case anyone tried to get in the way of Russia’s plans in Ukraine.
As the saying goes, though, they got a taste of their own medicine when, shortly afterwards, an anonymous individual leaked a wealth of chats among members of the group. The leak also apparently confirms, as The Verge reports, “a chain of command that links Conti to Russian intelligence agencies”.
On top of that, “Analysis of the crime market suggests that there is access to around 100 targets for sale, or offer, at any one time. If Russia calls these auxiliary cyber forces to go and attack Europe, for example, things can get very nasty. So, there is this risk, but we’re not currently seeing it for some reason,” Maigre explains.
It is fair to mention that Ukraine has called to arms its own troop of hackers in response. After digital transformation Minister Fedorov’s “We are creating an I.T. army” tweet, the related Telegram channel gathered over 285 000 subscribers in just one week. Fascinating stuff, as the New York Times reported.
Screenshot of the New York Times’ article
Things we can all do to be prepared
In the specific case of Ukraine, threats are real, but so are the things we can do at all levels – personal, organizational, national – to protect our systems and data in the face of a cyberattack. Maigre reviews them as follows.
“First, to keep all systems patched and updated with security fixes.
Secondly, improving access controls and enabling multi-factor authentication.
Thirdly, implementing and maintaining a really effective incident response plan,” she says. This means that the IT teams, the Computer Emergency Response Teams, the Security Operations Centres, everyone needs to know what to do when an attack hits the organization.
“Then, we must ensure that all backup and restore mechanisms are working. And last but not least, I would recommend practicing. Plans are good, but it’s always better to practice them – so training and exercising these plans. Just as we regularly try evacuation measures in case of fire, we just have to do it, so to know how to behave if a fire breaks out for real. The same applies to cyberthreats,” Maigre concludes.
Contribute to support Ukrainians in the fight for democracy in Europe and the freedom of Ukraine!
Doctors Without Borders, http://www.doctorswithoutborders.org/
Save The Children, https://www.savethechildren.net/
United Help to Ukraine, http://www.unitedhelpukraine.org/
Ukraina heaks, https://www.ukrainaheaks.ee/ (in Estonia)