Russia, Ukraine and Cyber War: 5 Big Questions


Amid Russia’s massive troop build-up near Ukraine’s borders, and grim warnings from the governments of the US and other Western countries, the possibility of a Russian invasion of Ukraine looms large. So does the potential for a Russian cyber-attack offensive, according to cybersecurity experts, and possibly even a “cyber war” involving countries outside Ukraine, including the US.

Diplomatic efforts this weekend by world leaders, including US President Joe Biden, failed to deter Russian President Vladimir Putin. Estimates now put Russia’s buildup at 130,000 troops, including armored vehicles, ships and aircraft, according to the BBC.

What is less clear is what kind of cyber forces Russia could also deploy in preparation for what is to come. But cybersecurity experts say that if Russia invades, it will undoubtedly use cyber-attacks as a key part of its strategy, just as the country has done in previous military campaigns over the past decade, including in Georgia and the Crimean Peninsula in Ukraine.

“In these past conflicts, cyber was used to facilitate a Russian occupation that today still lies in the formerly sovereign territory of another country,” said Christian Sorensen, former chief of the operational planning team for US Cyber Security Command and now founder and CEO of cybersecurity company SightGain, in an email. “In this way, cyber is closely integrated into Russian tactics.”

Should an invasion happen, “it’s not really a question of whether there will be cyber-attacks on Ukraine,” said Mathieu Gorge, author of “The Cyber Elephant in the Boardroom” and the founder and CEO of cybersecurity company VigiTrust.

Make attacks ‘more powerful’

“Bringing down critical infrastructure in Ukraine, or an adversary’s sovereign state infrastructure, is a tactic to continue or expand physical attacks,” Gorge said in an email. “The idea behind it is that if you physically cripple the country at the border and at the same time cripple access to banks, electricity, health services and IT systems, your attack is much more powerful.”

Since there will almost certainly be a cyber component to any military action by Russia against Ukraine, this raises some important questions. In particular, it is an open question whether Russia’s cyberwarfare tactics will include attacks against more than just Ukraine, potentially turning the conflict into a cyberwar on a more global scale than we have seen before.

One of the most infamous acts of cyber war to date was the NotPetya attack in 2017, which was ordered by the Russian government and initially targeted companies in Ukraine. The NotPetya worm eventually spread around the world, and it remains the most expensive cyber attack to date with $10 billion in damage, according to Wired.

Since then, however, “there has been an ongoing debate as to whether the international casualties were just accidental collateral damage or whether the attack targeted companies doing business with Russia’s enemies,” wrote Patrick Howell O’Neill in the MIT Technology Review.

Could it be different this time? And if so, how? What follows are five big questions about Russia, Ukraine, and the potential cyber war ahead.

What kinds of new cyberwarfare tactics could Russia deploy?

In mid-January, a day after the failure of diplomatic efforts to halt the Russian troop build-up, more than 70 Ukrainian government websites were targeted by the new “WhisperGate” family of malware. Ukraine blamed Russia for the attacks, which rendered many of the government’s websites inaccessible or unreadable.

WhisperGate has “strategic similarities” to the NotPetya wiper, “including disguised as ransomware and targeting and destroying the master boot record (MBR) rather than encrypting it,” researchers at Cisco Talos wrote. But WhisperGate “notably has more components designed to deal additional damage,” the researchers wrote.

Also noteworthy is the fact that Ukrainian officials pointed to a “high probability” that the attacks originated with a breach of the software supply chain.

Indeed, exploiting compromises in the software supply chain could be one of the new cyber tactics used by Russia during future cyber war campaigns, Sorensen said. The attackers behind the SolarWinds Orion breach, the largest attack on the software supply chain to date, have been linked by US authorities to Russian intelligence.

While the specific cyber techniques used by Russia may have evolved, the targets have not, Sorensen said. Russia has “a roadmap that they would follow again because it has worked in the past,” he said, including in Georgia, Estonia and Crimea.

How could Russia’s cyber warfare coincide with military actions?

Russia’s strategy will be to generally spread fear, uncertainty and doubt — both before and during an active/shooting conflict — and to target military personnel and communications during active conflicts, Sorensen said.

For example, Russia could use cyber to “cover Russian troop activity through fear, uncertainty and doubt to cover, for example, the armed takeover of the city of Korosten, Dubrovytsya or Sarny from Belarus,” he said. “This is the same strategy as in the previous conflicts in Ukraine, Georgia and Estonia.”

In those previous attacks, cyber was used as a diversion, to confuse the targets enough that they “don’t put up a big fight or organize until it was too late,” Sorensen said.

In preparation, the Ukrainian government has taken steps to improve its cybersecurity defenses, including through training exercises such as “hackathons” organized by the European Union and NATO, the Wall Street Journal reported today.

But while Ukraine is well aware of Russia’s cyber capabilities, “the challenge is that the attacker only needs to get it right once to make an impact — while the attacked side must protect all of its systems,” Gorge said. “From a planning perspective, an attacker would probably spend a lot of time checking their opponents’ key systems for vulnerabilities, and they just have to wait for the right moment to strike — namely right before or after a physical attack.”

Could the US and other western countries be targeted?

The chance of this seems high. The US Department of Homeland Security (DHS) warned last month that Russia is likely to consider cyber-attacks on US infrastructure amid tensions in Ukraine.

The DHS intelligence bulletin suggested that in the event that Russia invades Ukraine, a US or NATO response to the invasion could lead to a cyber offensive by Russia against US targets. attacks targeting critical infrastructure,” said the Jan. 23 bulletin, as quoted by CNN.

Last week, regulators in Europe and the US warned banks that Russian cyberattacks linked to tensions in Ukraine pose an imminent threat, urging banks to prepare, Reuters reported.

Then on Friday, the US Cybersecurity and Infrastructure Security Agency (CISA) posted a warning on the potential for attacks on US targets by Russia.

“While there are currently no specific credible threats to the US homeland, we are aware of the potential for the Russian government to consider escalating its destabilizing actions in ways that could affect others outside Ukraine,” CISA said in its “Shields Up” warning. “CISA recommends that all organizations, regardless of size, take a heightened stance when it comes to cybersecurity and protecting their most critical assets.”

Meanwhile, Russian cyber attacks on targets outside Ukraine have reportedly already taken place. According to researchers at Palo Alto Networks’ Unit 42, a Russian-affiliated hacker group carried out a cyber attack against a Western government organization in Ukraine last month.

The leadership of the group, which Unit 42 has named “Gamaredon,” includes five officers from Russia’s Federal Security Service, Ukraine’s Security Service said earlier. Unit 42 did not identify or describe the Western government agency that was targeted by Gamaredon.

What will retaliation look like in a cyber war?

A nation-state under physical attack usually retaliates, Gorge noted. But what about acts of cyber war?

In cyberattacks, “generally the focus is on containing the breach, fixing vulnerabilities and then exploring what can be done,” Gorge said.

So, “there’s a school of thought that says that cyber retaliation may not be that fast — and maybe it doesn’t have to be that fast,” he said. “It’s not like traditional warfare where missiles fly from enemy to enemy in real time.”

How will AI play a part in this?

Artificial intelligence (AI) and machine learning (ML) have become increasingly important for both cyber attacks and cyber defense capabilities. In the same way that attacks on the software supply chain could be a bigger factor in Russia’s upcoming cyber warfare, AI and ML could also play a bigger role in Russia’s cyber tactics this time around.

For example, the threat actor known as Gamaredon has previously used the Pterodo malware strain against targets in Ukraine, providing an “ability to evade detection and thwart analysis,” in part through the use of a “dynamic hashing algorithm for Windows functions to map necessary API components,” said Microsoft researchers.

For cyber defenders, AI and ML “can be used to protect systems in a way that humans can’t detect attacks,” Gorge said. “However, it can also be used by attackers to bypass traditional layers of defense. This is where cyber warfare is headed.”
