There's been plenty of noise around the cyberwar, with many enthusiasts joining the digital armies both on the Ukrainian and Russian sides. But has anything significant happened yet?
Some reports from the cyber front, like Anonymous hacking Russian channels to broadcast the Ukrainian anthem, have been amusing. Others, warning about the data wiper attacks, were more worrisome. Yet, some claim that it is suspiciously quiet on the cyber front without any sophisticated cyberattack happening since the Russian invasion of Ukraine.
It is not quiet out there, but primarily cyber activists like Anonymous, among other groups, continue making most of the noise. DDoS has become a popular tool to target different institutions, including Russian media, FSB, Kremlin, and Ukrainian government websites, among others. I asked a couple of cybersecurity experts to speculate on what's going on and what to expect next.
They might be hiding something
Russia changed its hacking tactics after the annexation of Crimea and got aggressive. In 2015, they hacked the Ukrainian power grid and caused the first-ever blackout triggered by hackers. Approximately 230,000 people were left without electricity.
In 2017, Russia deployed the infamous NotPetya malware that swamped websites of Ukrainian organizations, including banks, ministries, power companies, and media. It resulted in tens of billions of dollars in damage around the world.
To Jacob Ansari, CISO at cybersecurity company Schellman, recently undiscovered malware strain HermeticWiper resembles NotPetya malware from 2017. Current wiper malware shows a level of sophistication greater than others of this type.
"Assuming these are coordinated elements of Russian military aggression, it's possible that these are precursors or early moves in the unfolding conflict, and the Putin regime has other, more drastic measures it could employ. It's also possible that these elements would appear more severe to outside observers absent the much more dire armed conflict happening in Ukraine," he said.
Ariel Parnes, Co-Founder at Mitiga, speculates that we probably don't know the whole picture as part of the game might be to hide the attacks fully or partially.
"For example, let's imagine an attack on a certain bank account. If the attack is made public, people will be afraid of losing their own money and running to the banks to take their money out. That "run on the bank" will be the real attack; the whole banking system of a country may collapse. Making it public is an amplification of the attack," he told Cybernews.
Moreover, while both sides have almost certainly been preparing with cyber tools for the attack, they have also probably been working on defense, possibly with the help of others.
Russians could undoubtedly cause harm to Ukrainian infrastructure, but, according to Parnes, it could make sense to leave communication infrastructure intact, as it is a target for attacks and a source of intelligence during the conflict and beyond it.
While Russia showed it was able to negatively impact the power infrastructure in Ukraine in 2017 with the notPetya attack, escalating with an attack on the power grid may result in collateral damage and become challenging to control,said Parnes.
Tony Miuccio, Cybersecurity Principal Engineer with Black Tower Security, agrees with Parnes. Russia might not want to cause mass outages if it has the advantage of hearing and monitoring Ukrainian operations and movement.
“Intelligence drives war in the modern-day, and destroying the electrical grid or other infrastructure might put that at risk. It may also trigger unwanted intervention from the EU or NATO,” he added.
Not enough support?
Conti said it would hurt Putin's foes but then, according to the Radware, one hour later, they changed their position, saying they do not ally with any government, and they do condemn the ongoing war. But they will use their full capacity to strike back if American cyber aggression compromises the well-being and safety of peaceful citizens of the Russian Federation.
"Russian cyber militia, which is groups of patriotic hackers that help the Russian government achieve political goals, could have been less cooperative with the government this time compared to the past cyber-warfare," Nir Kshetri, a professor at the University of North Carolina-Greensboro, told Cybernews.
Pro-Russian hackers, he reminded, were very supportive of the Kremlin in the past.
"Russia's ‘hacker patriots’ have launched DDoS attacks against several governments' internal and external adversaries, such as independent media sources in Russia, government agencies in Estonia, Georgia, and Lithuania, and Chechen separatist fighters. In the 2008 Russia-Georgia war, Russia combined its cyber power with traditional military operations. The notorious cybercrime group Russian Business Network was believed to be a key player in cyberattacks on Estonia in 2007 and 2008 DDoS attacks against government agencies in Georgia Russian cybercrime groups, some of which have been established by former spies, are controlled."
What happens next?
Cyberwar is not the most terrifying front at the moment when Russia started attacking Ukraine’s power plants. A lot can change in one night, especially for those living in Ukraine and other European countries. With that said, cyberattacks won’t cease no matter what.
“We anticipate, and organizations should prepare for an increase in Russian state-sponsored and cyber-mercenary attacks, particularly as the impacts of sanctions are realized. These attacks will likely become more sophisticated, persistent, and aggressive in their targeting. There may be attempts to disrupt financial systems, power grids, and supply chains in order to pressure for relief of those sanctions,” Tara Lemieux, Senior Associate of Schellman, told Cybernews.
Larry Clinton, the president of the Internet Security Alliance, reckons that the war will boost cybersecurity spending overall.
“Spending on cybersecurity in the US is far, far behind its adversaries - China has designated $1.4 trillion on their digital strategy over the next five years. This is several times more than the US plans to spend, even with the recent increases in the Biden Administration. In addition, the cybercriminal nation generates up to 2 trillion a year, and we successfully prosecute less than 1% of cybercriminals, so for whatever reason, an increase in attention and spending on cybersecurity is a good thing,” he said.
Andreas Grant, network security engineer and founder of Networks Hardware, agrees that it can be just a matter of time before Russia starts unleashing its weapons on anyone who tries to take Ukraine’s side.
More from Cybernews:
Subscribe to our newsletter