Karina Kokina
Author:

Join Over 57K Cybersecurity Professionals

Get Cyber Events Alerts

Cyberwar In The Ukraine Conflict

At this moment, the globe is suffering in unexpected ways.

The Ukrainian crisis has burst into a major confrontation, and no matter what happens next, the world will never be the same. We know people and conference organizers that live in both Ukraine and Russia and needless to say; we hope that the crisis can be resolved.

There is little question that the human cost will outlast the impacts of artillery, and we hope that calmer heads will triumph eventually and fast, especially with the threat of nuclear war looming large – at least – this is what we all hope for.

But what about Cyberwar? Was it effective? Where can you learn more?

Cyberwar Attacks Have Increased Significantly

Immediately following the outbreak of the war, a spike of over 900 percent in suspected Russian-sourced cyber-attacks was reported within a two day period.

United States cybersecurity agencies, the FBI, and the Department of Homeland Security have all issued high-level alerts about threat levels, readiness, and response. This is the most urgent situation imaginable. Today, hostile cyber warfare is one of the key instruments of the contemporary global military, and there is little doubt that this chain of global events has been planned for quite some time. Historically, when geopolitical tensions are high, malevolent state-sponsored cyber-activities have increased.

We don’t know what kind of assaults will develop, or which will succeed, but given the history of prior international attacks, we must keep a look out for:

  • Advanced Persistent Threats (APTs)
  • Malware
  • Ransomware
  • DDoS
  • Network attacks

Cyberwar Knowledge. Where Can You Learn More?

One of the most recommended ways to learn more about this subject-matter is by attending Cyberwar Conferences. We list all the major ones that take place every year.

Ukraine’s And The World’s Future Is Unknown And Frightening

Following the start of hostilities on Thursday, the European Union, the United Kingdom, and the United States all imposed hefty economic penalties against Russia. The European Union sanctions issued by President von der Leyen include limiting Russian access to modern technology and software in order to undermine Russia’s future military-industrial capacity and economic potential. Other international penalties will freeze Russian assets and impede the use of global banking networks and Western markets by Russian financial institutions and people.

Sanctions and a breakdown in diplomatic ties between Russia and the West must also be addressed in terms of Russia’s likely response. Several warnings have recently been issued by Western cybersecurity authorities. The European Union Agency for Cybersecurity (ENISA) and CERT-EU, the United Kingdom’s National Cyber Security Centre (NCSC), and the United States’ Cybersecurity and Infrastructure Security Agency (CISA) have all issued advisories advising organizations to strengthen their security posture in preparation for the heightened cyber threat environment created by the situation in Ukraine.

CISA Alert AA22-011A offers a bleak picture of the scope of hostile cyber activities ascribed to Russian Advanced Persistent Threats (APTs) targeting Western targets over a long period of time.

There is evidence that the cyberspace war in Ukraine is already well started, with patriotic Russian hackers launching DDoS attacks against Ukrainian government and defense organizations in tandem with the Russian military’s coordinated operations.

However, direct hacking is not the only risk to which Western firms may be vulnerable. CISA issued Alert TA17-181A in 2017 after the NotPetya data encryption assault was conducted against users of Ukrainian tax accounting software. The malware’s lateral maneuvering extended its reach well beyond the intended target.

The infection quickly propagated throughout the linked networks that comprise the contemporary economy by using user credentials stored in memory. The breach experienced by the shipping and logistics company, Maersk, is one illustration of the possible consequences of assaults like NotPetya. Despite not being the intended target of the ransomware, Maersk networks were breached by the hack, which resulted in 50,000 infected endpoints spread over 320 facilities in 150 countries, necessitating repair. The cost to Maersk was estimated to be roughly $320 million, but with the corporation controlling 18% of worldwide container transportation, the potential economic impact of a targeted and prolonged cyberattack is evident.

Organizations in the West should also be wary of using cyberattacks to acquire unauthorized access to financial assets and to undertake espionage operations to get sanctioned technological skills. While national cybersecurity authorities’ advise emphasizes network perimeter management and monitoring, the SolarWinds Orion software supply chain assault in 2020 taught us that network security should be seen as fragile.

CISA Alert AA20-352A describes the cyberattack that affected SolarWinds Orion clients and demonstrates the scope of its impact, which included US government agencies, critical infrastructure groups, and private sector companies. Whereas Russia and other nation-state adversaries are expected to direct future cyberattacks at the acquisition of sensitive technical data, cryptocurrency theft to offset foreign exchange restrictions, or targeted disruption of the critical infrastructure supporting Western economies, increased depth of defense inside the network perimeter will be critical to the protection of data and applications.

Some analysts see the February 26, 2013, publication in the Military-Industrial Kurier (VPK) of an article titled “The Value of Science in Foresight” [in Russian] by the Russian Chief of General Staff, General Valery Gerasimov, as a watershed moment in Russian military doctrine and the start of an explicit hybrid cyberwarfare strategy.

Indeed, information and cyber operations were key to Russia’s 2014 invasion of the Crimean Peninsula. Nonetheless, the main point of Gerasimov’s paper is that new techniques of fighting may be devised to compensate for asymmetric disadvantages caused by a stronger opponent force. Such approaches need the use of the whole military-industrial complex to produce technological and tactical advancements, the fruits of which can be seen in the expansion of APT actors and computational propaganda operations noticed by Western countries and their allies.

While we can only hope for a quick conclusion to the war in Ukraine, the long-term effects of Russian military participation will go well beyond the battlefield. Gerasimov’s lesson is that renewed attention and rapid invention and adoption of new technologies to safeguard the data and apps on which Western societies rely is now a need, not a choice.

In Conclusion

In what has been dubbed the “fifth realm” of military operations, differences between war and peace, combatant and civilian, state actor and criminal proxy are blurred.

If you’re interested in learning more about the fifth realm” we’d recommend this article from the Journal of International Relations.

Collective cybersecurity in reaction to the rising threat of cyberattack would necessitate not just governmental leadership, international coordination, and industry collaboration, but also active engagement of firms and individuals in the manner of Cold War civil defense. We are all now on the front lines of cybersecurity as a result of the disruption in the international order caused by Russia’s military activity in Ukraine.

Leave a Comment

Join Over 57K Cybersecurity Professionals

Get Cyber Events Alerts