Cyber War in Ukraine

The Russian invasion of Ukraine has propelled the United States and Western Europe to take the most aggressive steps against Russia since the Cold War. This is a highly fluid situation with many critical aspects to delve into, such as supply chain disruption and travel safety. We will cover one part per piece and how it could impact our daily lives. 

It is important to focus on what is in our control. It is crucial that we remain strong and resilient. We still do not know how this war will impact the global economy or spill over to other arenas. There are tangible concerns of increased cyber threats and other potential proxy battles.

Cyber War

Until now, Russia has not significantly used its cyber capabilities on Ukraine during the invasion, though it launched a cyber-attack as a first salvo before invading its neighbor. Microsoft, which has been helping Ukraine defend against Russian attacks, noted in this article:

“On Monday, Microsoft (MSFT) said that in the hours leading up to Russia’s invasion, it detected a new form of “offensive and destructive” software targeting Ukrainian institutions. Microsoft also said it has observed a barrage of cyberattacks zeroing in on Ukraine’s agricultural, commercial, finance and energy sectors.”

We have crossed from theory to reality; attacks on human rights are now being initiated as attacks on civilian infrastructure. Cyber warfare has been one of Russia’s tools over the past few years, so it could be a matter of time before a major cyber onslaught begins. For all the fears around the use of conventional weapons, cyber-attacks on infrastructure can have an even more disastrous effect.

There are differing opinions as to why Russia has not ramped up its use of cyber (some believe Russia’s capacities are not as potent and deadly as they once were), as covered in this New York Times piece:

“Many people are quite surprised that there isn’t significant integration of cyberattacks into the overall campaign that Russia is undertaking in Ukraine,” said Shane Huntley, the director of Google’s threat analysis group. “This is mostly business as normal as to the levels of Russian targeting.”

Cyber versus Cyber

It is not just one-sided, however. Cyber-attacks from Anonymous and other hacker groups have targeted Russian websites. Due to the shadowy nature of online hacking, there are groups targeting Russian assets that we may not be familiar with, and they will continue to do so as this war rages. The ultimate concern is that Russia is not using the full breadth of its cyber capabilities, which are known to be able to wreak havoc.

A cyber-attack on a NATO state is completely within the realm of possibility. Such an attack would fall in the gray area of what could trigger the enforcement of Article 5 and force NATO to join the war. Cyber-attacks are hard to trace and can be carried out by third parties on behalf of a state. As we wrote in an earlier article, there are many black hat organizations that have such capabilities, and Russia has not hesitated to utilize hired guns such as the Wagner Group to do its dirty work.

Involvement by non-state hacktivist groups presents the potential for unwanted escalation because they are generally acting unilaterally, without the full context of coordinated efforts at the multi-state level. They have the potential to trigger a wider conflagration by taking actions that draw Russian retaliation.

Public-Private Partnerships

One positive aspect of this unfolding war is the unity embraced in the United States, the European Union, and across the West – all rowing in the same direction – and Big Tech companies have shed their longtime “neutrality” to assist Ukraine. As the aforementioned New York Times article reports:

“Within three hours, Microsoft threw itself into the middle of a ground war in Europe — from 5,500 miles away. The threat center, north of Seattle, had been on high alert, and it quickly picked apart the malware, named it “FoxBlade” and notified Ukraine’s top cyberdefense authority. Within three hours, Microsoft’s virus detection systems had been updated to block the code, which erases — “wipes” — data on computers in a network.”

This is an excellent example of a public-private partnership between a government and the private sector to help defend a fellow democracy. 

What this means for us

We need to be extra vigilant against phishing, unfamiliar social media requests, and other suspicious behaviors online. In times when we feel much is beyond our control, what we can do is remain vigilant about suspicious behaviors, such as hackers who are phishing for an advantage against Ukraine’s allies.

Actions you could take personally are to change passwords, audit your LinkedIn account (who you are connected to), and report emails that do not make sense or seem to be phishing for private information. Interfor has witnessed a multitude of these probing attacks in the past few weeks.

We are in this together. We did not choose this war but we are inexorably caught up in it, to varying degrees, and we must do what we can, including that which is in our power to safeguard our digital world.