Tuesday, September 27, 2022

Rising Cybersecurity Tactics from the Russian-Ukrainian Crisis: A Prelude to a Global War?

Contrary to general belief, cyberattacks are much older than the internet itself. The first incident that can be qualified as a cyberattack took place nearly two centuries ago, when a pair of thieves hacked France’s telegraph wireline communications system and stole some important financial information. Since then, the evolution of telecommunication systems has been accompanied by a similar evolutionary trend, if not a faster one, in cyberattacks.

The two world wars and the long Cold War between the U.S. and the Soviet Union (USSR) led to more diversified attacks to compromise the defense mechanisms of the opponents. The advent of the internet in 1994, and the shift from analog to digital communications, has given cybersecurity the definition we currently use, that is, “the prevention of damage to, unauthorized use of, exploitation of, and—if needed—the restoration of electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity, and availability of these systems,” as defined by the U.S. National Institute of Standards and Technology (NIST).

It is evident that any tension between countries or groups, and even larger-scale military operations, is accompanied by numerous cyberattacks. Although not as effective as armed interventions, they normally aim at disrupting the processes of governmental organizations, media, telecom, and power distribution systems, among others. The recent war between Russia and Ukraine contributed to the resurfacing of cyberwarfare with all its known goals and mechanisms. Silent, easier to hide, less costly, and potentially more harmful, cyberattacks are the weapon of choice of ordinary tech-savvy citizens who cannot help on the battlefield.

A Long History of Mutual Attacks

Cyberattacks between the neighboring countries are nothing new. The post-Soviet era has witnessed a long history of mutual attacks that will certainly not end during the current war.

Russian attacks have been notably more powerful in disrupting the main vital sectors in Ukraine. One example is the 2015 attack on the Ukrainian power grid infrastructure using the Trojan virus BlackEnergy, which resulted in widespread outages. A broader attack was performed in 2017 using the malware NotPetya. Exploiting some vulnerabilities in Microsoft Windows-based systems, the ransomware attack would seize control of the infected devices, which would only be relinquished if a specific payment was made in cryptocurrency, namely Bitcoin. The attack affected various entities, including governmental, financial, and commercial institutions. The effect of the malware even crossed the borders to affect major companies such as pharmaceutical giant Merck & Co. and global shipping company Maersk, among many others.

During the ongoing war, attacks persisted but, surprisingly, with lower severity and significantly lower magnitude. Most of the attacks were distributed denial-of-service (DDoS) attacks affecting media and governmental institutions. Most recently, more severe wiper attacks, which usually aim at wiping data from the victim’s servers, were observed, mainly using the HermeticWiper and WhisperGate malware.

The low-key cyber-invasion by the Russians has even raised some eyebrows, especially since Russia hosts some of the most dangerous hacking groups, such as the Conti ransomware operators. It is widely believed that this is because the military invasion necessitates the use of Ukrainian infrastructure, such as the telecom network, for logistic operations during the invasion of the neighboring territory.

That said, as the war lasts longer, the sanctions against Russia are increasing, and the Russian economy is notably crumbling. Cyberattacks can spiral out of control and affect vital and typically sidelined sectors such as healthcare.

On the opposite side, with a significantly weaker military power, Ukrainian cyberattacks against Russia have been on the rise. The well-known Anonymous group has initiated several attacks, mainly of the DDoS type. They even seized T.V. services for some time to raise awareness of the impact of the war on Ukrainians. The Vice Prime Minister has called for the establishment of the I.T. Army to lead the cyberwar against Russia. The newly formed group has targeted Russian government websites, including the Kremlin and the Duma, 

A Larger Scale to the War?

The ongoing cyberwarfare is nothing but a continuation of a “Game of Thrones” between the planet’s superpowers. Over the last years, Ukraine has been trying desperately to get out of the Russian foster home and move closer to Western countries. It has been trying to free itself from a subordination that lasted for years. The ties of the country with other countries have given the local cyberwar a global status. If Russia’s allies, namely China and Iran, happen to enter the equation, the virtual altercation will have an even higher magnitude.

The relatively small-scale Russian attacks form a clear indirect message to the Western countries supporting the Ukrainian cause, which are led by the U.S. and the European Union: a warning that any intervention in its controlled territory can potentially have some severe consequences and that its cyber army would be able to disrupt or even control any of its infrastructures.

This insight is further corroborated by a very recent history of allegedly Russian attacks on U.S. companies SolarWinds Corp, Microsoft, FireEye Inc., and CrowdStrike Holdings. The main culprit is, again, Microsoft (in particular, some of its associated resellers). The attacks are attributed to the Office 365 email system and integration issues with its Azure platform. The resulting security breach affected several federal agencies and institutions.

Another reason for the cyber-planetary war comes from the backing Ukraine is receiving from Western tech companies to ensure proper and powerful cyber-defense mechanisms. Therefore, the Russian attacks can be seen as a statement of authority and superior power in the digital world in general and cybersecurity in particular.

At the scale of Ukraine, these skirmishes could be a warmup for a more global cyber warfare that hasn’t started properly yet. In conjunction with its progress on the ground, Russia is leading a tactical war in the virtual world. Concurrently, Ukraine is also leading the resistance on the battlefield and, more recently, in cyberspace. The two sides in the crisis are supported by continuous help in the military and technological fields from their respective allies. However, several questions remain wide open: When will the war of attrition extend to cyberspace? And what role would the allies from both sides have in its outcome? Time will undoubtedly tell.