Cybersecurity Threats Loom as Russian-Ukrainian Conflict Escalates

As the Russian assault on Ukraine escalates day after day, with heavy military weaponry being used in the war, another side of the conflict carries as much weight as the military action: cyber warfare.

That side consists of the cyberattacks launched by Russia against facilities in Ukraine, particularly during the Russian assault on the country.

A webinar titled “Defending Your Organization from Geopolitical Cybersecurity Threats” had two speakers give their views on the subject.

For example, organizations with business partnerships with Ukrainian and Russian firms should take care to inspect, monitor, and isolate traffic from organizations in that region, and closely review the access controls that apply to that traffic.

Luke Kenny, Lead Principal Consultant at Trustwave, said, “the disinformation campaigns are huge, and the latest examples are the pro-Russia online disinformation campaigns that were unleashed and depicted Ukraine as the aggressor.”

He added that “Russian President Vladimir Putin used World War 2 (WW2) history and ties to Nazi collaborators in Ukraine (Ukrainian nationalism) as the main excuse to launch the assault.”

“Decommunization of Ukraine will help the separatists in Donbas (south-west Ukraine; areas of Donetsk, Luhansk, Kharkov),” he highlighted.  

Regarding the cyberattacks, Luke said that “during the annexation of Crimea in Ukraine in 2014, disruption of landline, mobile and internet services took place, along with distributed denial-of-service (DDoS) attacks, an attack on the referendum on Crimea’s annexation on 16th March, and an attack on NATO websites (CyberBerkut).”

On the same note, power grid disruptions occurred in Ukraine in 2015 and 2016, followed by the NotPetya ransomware attack on the country and the rest of the world in 2017, attributed to Sandworm (Unit 74455), allegedly a cyber military unit of the Russian intelligence agency GRU, the organization in charge of Russian military intelligence. Other names given to the group by cybersecurity researchers include Telebots, Voodoo Bear, and Iron Viking.

Another example of cyberattacks is the “Macron Leaks” in 2017, during the French Presidential elections.  

Cyberattacks in Europe grew more frequent in the preceding years and expanded to the rest of the world, with most of them launched by Russia, such as the 2019 attack on Georgia that targeted the Georgian presidential office, carried out by the same Russian Unit 74455.

The 2016 U.S. presidential election was hacked by the Russians, as the media reported at the time, and APT28 carried out large-scale DDoS attacks on Montenegro in 2016-2017.

On another note, Lukasz Chmielewski, Senior Threat Architect at Trustwave, listed the APT groups tracked by threat intelligence as: Sandworm, CyberBerkut, CyberCaliphate, Turla APT, APT28 (Fancy Bear, Pawn Storm, Sofacy, Strontium), and APT29 (Cozy Bear, Office Monkeys, Duke, CozyDuke, CozyCar).

Several strategies were recommended for constructively facing these attacks, such as a risk posture built on collaboration, visibility, continuous monitoring, and risk management.

Meanwhile, the operational effectiveness strategy includes crisis simulations and incident response (IR) table-top exercises with an executive and board focus (a cybersecurity mock drill), assurance testing such as red teaming (testing the security of your systems by trying to hack them), testing your incident response plans, and security training and awareness.