What has the cyber warfare between Russia and Ukraine taught Trellix?


What has the cyber warfare between Russia and Ukraine taught the world?

  • This Saturday, January 14, will mark a year since Russia’s first significant cyberattack.
  • Hacktivism has the potential to grow in scale as those backing the Russian and Ukrainian/Western regimes become savvier and more confident.

In recent years, there has been a growing trend of countries using cyberattacks as a tool in their conflicts. A notable example is the ongoing cyber warfare between Russia and Ukraine.

The ongoing cyber warfare between the two nations.

One of the key events in the war occurred in 2015, when Russia was accused of launching a cyber-attack on Ukraine’s power grid. The incident left 225,000 individuals without electricity. It was the first known case of a cyberattack being used to interfere with a power grid, and it was a reminder of the potential risks of such attacks to nations worldwide.

Since then, multiple cyberattacks have allegedly been carried out by both Russia and Ukraine. In recent years, the situation has worsened, as both nations accuse one another of conducting cyber espionage and propaganda efforts. In 2020, the Ukrainian government alleged that the release of private official documents was caused by a Russian cyberattack on its IT infrastructure.

It’s worth noting that this cyber warfare also involved the use of malware, APT groups, and hacking groups, including well-known names like Sandworm, BlackEnergy, and NotPetya (which is thought to have been responsible for the Petya attack).

These cyber warfare clashes were bad enough, but in January 2022, one day after US-Russian negotiations on Ukraine’s membership in NATO fell through, Russia began attacking Ukrainian government websites. Then, in February, the nation began its disastrous all-out invasion of Ukraine. The long-running cyber conflict between Russia and its neighbor has also entered a new phase, during which Russia has at times appeared to be trying to define the role of its hacking activities in the context of a brutal, physical ground conflict.

Lessons after one year of the significant Russia-Ukraine cyber-warfare.

January 14th, 2023, will mark a year since Russia’s first significant cyberattack, which brought down several government websites in Ukraine and set off a series of cyberattacks against banks and other companies that culminated in the Russian military’s invasion of Ukraine.

As a result of these attacks, regulators and businesses worldwide have increased their attention to cyber defense, realizing that anyone could be a cyber attacker, even foreign governments. Similarly, the security systems market in Southeast Asia is maturing and system defenders will need to adopt a more proactive defensive strategy to protect citizens and governments from threats.


“As the winter months and stalemate continue, it’s likely we’ll see retreats from kinetic warfare and renewed focus on cyber capabilities by Russian actors,” said John Fokker, who leads the threat intelligence efforts for the Trellix Advanced Research Center. “We expect heavily sanctioned countries, like Russia, Iran and North Korea, to rely on cyberespionage and disruptive cyberattacks in times where physical activities are not driving results and economic resources are dwindling.”

In addition, Fokker has several key takeaways for the cybersecurity community:

  • Physical + cyber conflict: The use of wiper malware in conjunction with kinetic military activity was one of the most important lessons from the Russia/Ukraine war. Wipers are nothing new, but they have never before been seen at this scope alongside kinetic war.
  • Hacktivism: Hacktivism has the potential to grow in scale as those backing the Russian and Ukrainian/Western regimes become savvier and more confident in defacing websites, leaking information, and carrying out DDoS attacks.
  • Information exchange: Pronounced information sharing between the public and corporate sectors regarding the cyber conflict reduced collateral harm. Because of this conflict, the security industry was able to share information, alert organizations in advance, and inform customers, preventing the effects of future attacks.
  • Phishing continues to drive results for attackers: Along with wiper malware, phishing is still a powerful tool that cyber actors in the Russia-Ukraine conflict use. Businesses cannot ignore the significance of employee education and email security solutions to secure their intellectual property (IP), staff, customers, and bottom line.
  • What’s next: Russia wants to disrupt both Ukraine and the West in response to heavy sanctions, and it may turn to more affordable cyber tactics to gain the upper hand in its battle.

According to Fokker, although Russia is a strong cyber adversary and launched multiple strikes against Ukraine in early 2022, these actions had little impact until combined with physical invasion. Ukraine has repeatedly shown that its cyber defenses are effective following years of attacks intended to destabilize Ukraine’s people and government.