What impact will the Ukraine/Russia conflict have on cyber security and threats?

The Putin versus Ukraine conflict has been building since 2014 after Russia invaded and annexed Ukraine’s southern territory, the Crimea. At the same time, Russian-backed separatists, formed the breakaway 'nations’ of the Donetsk and Luhansk ‘people’s republics’, further encroaching on Ukraine’s sovereignty. The 2022 all-out invasion and outbreak of war in the region has led to nations coming together across the world in condemnation of the attacks. This has led the UK, US, and the EU to work on how to stop Putin on all fronts and in our modern age of technology, this includes the digital space.

Nations and companies alike have come to Ukraine’s aid in the cybersecurity theatre, along with releasing stark warnings against Russia's greatly increased cyber attack vectors.

How will the conflict affect cybersecurity issues?

The war is not only on the ground but also on an economical, informational, and organisational level in order to try and stop Putin’s advancement. With most socio-economic systems being digitised, it opens a huge question as to how this affects the cybersecurity landscape.

Vocal opponents of Putin’s tactics, such as the US, UK and the EU and their subsequent key industries & companies that either directly or indirectly hinder Russia’s economy, could be open to increased risk from Russian cyber attacks. Especially if a company has direct links to Ukraine’s critical infrastructure.

Rob Lee, CEO from Dragos stated, “We have observed threat groups that have been attributed to the Russian government by U.S. government agencies performing reconnaissance against U.S. industrial infrastructure, including key electric and natural gas sites in recent months.”

But it does not necessarily need to be infrastructure companies that need to be concerned. Ukraine was a developing nation as it became a destination for outsourcing, start-ups, and tech companies. Ukraine had over 4000 tech companies that serviced household name top Fortune 500 clients.

With the unpredictability of Putin’s war and the need to support Ukraine in any way possible, any company linked to Ukraine or its allies' key infrastructure should be on high alert for cyber attacks that could be recognised as coming from a foreign source or attacks that focus on disabling/erasing systems rather than for profit/ransom.

The history of cyber attacks between Russia and Ukraine.

Ukraine has been the target of sustained and calculated cyber attacks since the start of the 2022 invasion. These have been aimed at destabilising the country’s infrastructure.

Historical attacks have also been prevalent such as the attacks occurred in the winter of 2015, where a suspected Russian attack shut down a portion of the country’s power grid with a repeat attack happening in 2016. In 2017, Russia deployed the data-wiping NotPetya virus also into Ukraine’s power grid. It was a destruction-based malware that ended up being globally released.

To understand the ongoing severity, The Cybersecurity and Infrastructure Security Agency of the USA, put out a notice on January 11^th 2022 titled ‘Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.’. This notice shook US companies into action.

Latest cyber attacks in Ukraine 

In January 2022, over 70 Ukrainian government websites were attacked which included the Education Ministry and the Ministry of Foreign Affairs. The content on the websites was replaced with anti-Ukrainian and pro-Russian aggression propaganda.

On Wednesday, 16^th February 2022, Ukraine reported that Russia had launched an anonymous cyber attack, the biggest ever recorded, which targeted two banks and the defence ministry. The hackers were behind a series of Distributed Denial of Service (DDoS) attacks which inundated websites with millions of requests, trying to overload servers and bring them down. The Kremlin denied responsibility for this, but Ilya Vityuk the cybersecurity chief of Ukraine’s SBU intelligence agency stated:

“The only country that is interested in such attacks on our state, especially against the backdrop of massive panic about a possible military invasion, the only country that is interested is the Russian Federation.”

However, with the right systems, implementation, training, and partnerships, it is possible for organisations to have a chance to stand against Putin’s cyber attacks, such as when Microsoft stated

“Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure. We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.”

What can we expect in the future?

Although the war is still more or less in its infancy, the blitzkrieg  of cyber warfare that was expected by some from Russia toward Ukraine, has not come to full fruition yet. Russia is known for having a large cyber force, which it reportedly recruits with cyber experts from Advanced Persistent Threat groups based in Russia, we will cover the implications of this in the next edition of this series.

If the war escalates it is safe to assume state-sponsored hacking attempts could be more prevalent and also become the norm. These attacks will most likely target companies or government agencies it sees as a threat to the Russian state and war effort.

The best thing we can do is be alert to the heightened risk of cyber attacks such as DDoS, data wiping malware and phishing attacks by Russian groups like Gamaredon. Keeping staff trained and up to date about the essentials of cyber hygiene is paramount.

To help support Ukraine efforts, pleased donate to the Disasters Emergency Committee (DEC), via the British Red Cross. The DEC unites 15 member charities who are experts in humanitarian aid and specialists in different areas of disaster response. https://donate.redcross.org.uk/appeal/ukraine-crisis-appeal

Follow the ‘State Service of Special Communications and Information Protection of Ukraine’ Ukraine’s government cyber security agency’s Twitter here: https://twitter.com/dsszzi