What is cyber warfare and are you concerned?
The current conflict in Ukraine is accompanied behind the scenes by cyber warfare. For many, it signals a new era of cyber attacks. But what is cyber warfare? How does cyber war in Ukraine play out and what are its purposes? And above all, if we are also potentially concerned, how can we protect ourselves against the misdeeds of cyber armies?
What is cyber warfare and what are its purposes?
Cyber warfare, or computer warfare, or cyber war, is a form of warfare that takes place in cyber spaces, i.e. in computers and the networks that link them together. Nations that engage in this type of hostility seek to disrupt, paralyze or destroy targeted infrastructures of their opponents.
How does it work exactly? One way is for the attackers to take control of their opponent’s devices. Infected computers fall under the control of the attackers, who can then execute all kinds of remote commands, download files or change settings, for example. The sophisticated malware involved survives the usual procedures used to disinfect a compromised computer, such as reboots. It works similarly to social engineering.
Another way to use cyber crime as a war weapon is to limit people’s access to online services. This includes banks, and possibly restricting people from using their own savings. It can also be a propaganda tool, by preventing people from accessing neutral and verified information.
One of the key characteristics of cyber warfare is that, unlike conventional warfare, it is very difficult to blame cyber attacks on the belligerent that is responsible for them. Indeed, it is very complex to trace the infection of malware, as these activities are shrouded in mystery.
Cyberwar strategies aim to put energy, transportation or utility behemoths out of service for several hours, or even days. In the process, they also generate a climate of anxiety and distrust in the population of the attacked country.
What does the current cyber warfare in Ukraine look like?
Cyber attacks as early as 2015
Remarkably, the cyber hostilities were launched long before the offensive on the ground. For many analysts, Ukraine is believed to have served as an experimental laboratory for its neighbouring country to develop its cyber capabilities as early as the invasion of Crimea in 2014-2015.
At that time, Russia had attacked the Ukrainian power grid, depriving nearly 250,000 Ukrainians of electricity.
The NotPetya malware, meanwhile, was released in 2017 to infect computers in Ukraine’s financial sector. But it quickly spread internationally, affecting large multinationals, including Maersk, WPP and Merck. In total, it caused more than $10 billion in damage.
The United States has indicted several members of the Sandworm hacker group for their alleged involvement in the cyber attack. Sandworm is no stranger to the cyber security scene. The group, also known as Voodoo Bear or BlackEnergy, depends on the GRU, the Russian military intelligence agency.
January 2022: the resumption of hostilities
Hostilities resumed in Ukrainian cyber space as early as mid-January this year. The Ukrainian National Security and Defense Council reported that 70 government sites had suffered a cyber attack attributed to a group of hackers linked to Belarusian spy services.
This attack seemed to be linked to a ransomware intrusion (ransomware is software that blocks access to the data or software of a computer system in order to extort a ransom in exchange for its restoration). But the malware didn’t just block certain services, according to Microsoft. It also destroyed data, which led to its reclassification as a “wiper” (a wiper is malicious software that erases data).
On February 24, cyber security firm ESET reported that it had discovered a new wiper, HermeticWiper. It reportedly infected hundreds of Ukrainian computers. Later, Symantec announced that the malware infected companies in Lithuania and Latvia. This propagation beyond the Ukrainian borders has led to fears that these threats could reach other countries, via the international supply chains of many firms.
The same week, a distributed denial of service (DDoS) attack targeted the websites of several Ukrainian ministries and banks. The hackers behind this attack flooded the sites in question with requests to overflow and crash them.
Ukrainians also received misleading text messages claiming that ATMs in the country were out of order, presumably in an effort to generate panic.
However, Russia has denied being behind all these cyber warfare initiatives.
Ukraine also wages cyber warfare
Ukraine has not been idle and has also switched to the cyber offensive.
On February 26, the Ukrainian Deputy Prime Minister and Minister of Digital Transformation, Mykhailo Fedorov, invited his compatriots with “digital talents” to join the Ukrainian “computer army”. More than 237,000 people responded to this call, and were invited to launch cyber attacks against Russian websites.
Other initiatives took more surprising forms. For example, Ukraine circulated cartoons and jokes about Vladimir Putin and Russia on Twitter.
The New York Post reported that Russian soldiers had made contact with Ukrainian women on Tinder. It is unclear whether the women’s profiles are those of real people, but what is certain is that these communications served to locate Russian troops and track their movements.
Third parties join the cyber war
Third parties have also joined the cyber conflict. In late February, the Conti hacker group, which was responsible for a ransomware attack on the Irish health system last year, said it supported the Russian government and would use its resources to strike at the infrastructure of anyone who declared themselves an enemy.
On the other hand, the hacker collective Anonymous announced that it was “officially in cyber warfare against the Russian government” a few hours after Russian troops entered Ukraine. Since then, it has claimed to be the author of several cyber attacks against Russian government websites and important Russian media. Anonymous targeted the websites of the state-run news agencies TASS and RIA Novosti, as well as the newspaper Kommersant. Their homepages momentarily displayed a message blaming the Russian invasion.
Anonymous also launched an attack that paralyzed the websites of the Kremlin, the Russian Ministry of Defense and the Duma (the lower house of the Russian parliament), among others.
Finally, it is important to stress that hackers with no connection to Russia can take advantage of the current hostilities to attack while going unnoticed.
This is not a new phenomenon
According to Greg Austin, who directs the Cyber, Space and Future Conflict Program at the International Institute for Strategic Studies, we haven’t seen anything yet. In his view, all these hacks against Ukraine are mere peccadilloes that bear no relation to the destructive cyber attacks that the Russians are capable of deploying.
A large-scale cyber attack would have the power to paralyze banks, financial markets, power grids, telecommunications, health systems, or ground airplanes. An entire country could be brought to a halt.
This shows that, nowadays, the most worrying cyber threats are no longer the prerogative of lone wolf hackers, but of armies of hackers working on behalf of governments with malicious intentions.
Indeed, many countries have developed cyber weapons, although few of them acknowledge it. Nor is this new. Many countries, such as the United States, Israel, North Korea and Russia, have been involved in cyber attacks in recent years.
Cyber war is definitely not new, but we can assume it is going to be more and more present in our lives.
In 2010, the United States and Israel were accused of launching Stuxnet, a computer worm, against Iran’s uranium enrichment centrifuges.
After that attack, Iran invested heavily in such operations. In 2012, the country launched the Shamoon malware against the Saudi oil company Aramco. The country notoriously uses Ashiyane, a security forum, to find new recruits to bolster its cyberwarfare capabilities.
And of course, we can’t omit North Korea, which is suspected of deriving 10-15% of its foreign revenue from hacking operations. North Korea’s hacker force, known as Bureau 121, is believed to number around 6,000 people. The hermit country reportedly spends 10 to 20 percent of its military budget to fund online operations.
Cyber warfare is here to stay
And according to Nicole Perlroth, author of “This Is How They Tell Me the World Ends”, this threat affects everybody. The massive use of the Internet and the growing number of connected objects increase the destructive potential of virtual weapons tenfold.
Leaders must take into account that from now on, all geopolitical conflicts will include a cyber warfare aspect. And only countries that are able to maintain the most essential services (health, water service, energy, transportation, etc.) in the midst of hostilities will come out as winners.
It also undermines international diplomacy, whose new unclear component complicates the dialogue between nations. Without tangible evidence, it is very difficult to blame nations that rarely take credit for cyber attacks. Moreover, it is very hard to know the exact extent of the phenomenon, because of its secret nature.
So far, cyber attacks have not caused as many victims as bloody attacks. For a large proportion of the public, they are a new and still unknown phenomenon. But it is precisely this mysterious aspect that makes them even more worrying and that renders them an ideal weapon.
It is therefore likely that cyber attacks will become a regular component of terrorist strategies, used as a complement to the classical attacks. They are likely to be used to sow fear and distrust among the population and to hamper the operations of emergency services.
All of these factors explain why many observers feel that we have entered a new era. An era in which cyber threats are no longer the sole concern of IT managers. Individuals, businesses as a whole and world leaders must also be alarmed.
What can you do to protect yourself from cyber attacks?
Outside of Ukraine, the Russian-Ukrainian cyber war does not threaten anyone. But we cannot exclude an international contagion through malware spilling over the borders of Ukraine. That is why it is important to take some steps to protect yourself.
For companies and individuals, it may be too late to deploy a security policy aimed at eliminating all cyber risks and loopholes in the IT system. Nevertheless, it is still possible to prevent malware intrusions and take action to minimize the possible damage in case of an attack. Here are some tips, among others:
- Only use strong passwords (at least 8 characters). Even better, use a passphrase and do not use the “Remember me” option on websites that offer it.
- Beware of phishing. It’s the primary source of ransomware infection. Never click on a link in an email from an unknown source. Carefully review all emails from known authors with a critical eye for any possible anomalies (misspellings, unusual greetings, unknown links). Read our Email Security and Privacy Awareness course for more details.
- If you are a company, train your staff not to systematically click on links and attachments in emails. They must know the different phishing techniques and learn how to thwart them. Insist on strong and unique passwords and change them regularly.
- Adopt a secure email system such as Mailfence.
- Use two-factor authentication whenever possible.
- Do regular backups.
- Rather than adding new tools to the cyber security arsenal you already have (at the risk of making it even more complex), make sure you have all the latest updates on all existing devices, applications and systems.
In a nutshell, the cyber warfare currently raging between Russia and Ukraine is nothing new, but it does signal a new stage in international geopolitics. Our ever-increasing connectivity means that we are more and more vulnerable to cyber threats. States that are developing cyber weapons and maintaining armies of hackers in order to cripple the services of potential enemy countries are now exploiting this fact. Finally, as individuals, we must be aware of these risks and take steps to protect ourselves right now.
For more information on Mailfence’s secure email suite, please do not hesitate to contact us at firstname.lastname@example.org
– Mailfence Team
Patrick is the co-founder of Mailfence. He’s been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.