As we adapt to the new digital ways of doing things at home, work, school and at play, politicians and governments too have to adapt to the digital world. Soldiers and tanks may care about national borders, cyber doesn’t. Cyberspace has no borders.
According to numerous news reports Russia has sent more than 100,000 soldiers to the nation’s border with Ukraine, threatening a war unlike anything Europe has seen in decades.
Though there hasn’t been any shooting yet, cyber operations are already underway.
Just last month, hackers defaced dozens of government websites in Ukraine, a technically simple but attention-grabbing act that generated global headlines.
More quietly, they also placed destructive malware inside Ukrainian government agencies months ago, an operation first discovered by researchers at Microsoft’s Threat Intelligence Centre (MITC).
It’s not clear yet who is responsible, but Russia is the obvious suspect – whether directly or through nation-sponsored hacker groups.
But while Ukraine continues to feel the brunt of Russia’s attacks, government and cybersecurity experts are worried that these hacking offensives could spill out globally, threatening Europe, the United States, and beyond.
Last month the US Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure operators to take “urgent, near-term steps” against cyber threats, citing the recent attacks against Ukraine as a reason to be on alert for possible threats to US assets.
The agency also highlighted two cyberattacks from 2017, NotPetya and WannaCry, which both spiraled out of control from their initial targets, spread rapidly around the Internet, and impacted the entire world at a cost of billions of dollars. The parallels are clear: NotPetya was a Russian cyberattack targeting Ukraine during a time of high tensions.
As cybersecurity researchers have pointed out, aggressive cyber operations are tools that can be used before bullets and missiles fly. It can also be used against multiple targets in multiple countries as a decoy before any ground war or invasion begins.
That looks increasingly possible. The US President Joe Biden said during a press conference January 19 that the US could respond to future Russian cyberattacks against Ukraine with its own cyber capabilities, further raising the specter of cyber conflict spreading.
Unlike old-fashioned war, cyberwar is not confined by borders and can more easily spiral out of control.
Ukraine has been on the receiving end of aggressive Russian cyber operations for the last decade and has suffered invasion and military intervention from Moscow since 2014.
In 2015 and 2016, Russian hackers attacked Ukraine’s power grid and turned out the lights in the capital city of Kyiv – unparalleled acts of hostility that haven’t been carried out anywhere else before or since.
The 2017 NotPetya cyberattack, once again allegedly ordered by Moscow, was directed initially at Ukrainian private companies before it spilled over and destroyed similar systems around the world.
NotPetya masqueraded as ransomware, but in fact it was a purely destructive and highly viral piece of code.
The destructive malware seen in Ukraine last week, now known as WhisperGate, also pretended to be ransomware while aiming to destroy key data that renders machines inoperable.
Experts say WhisperGate is “reminiscent” of NotPetya, down to the technical processes that achieve destruction, but that there are notable differences.
For one, WhisperGate is less sophisticated and is not designed to spread rapidly in the same way. Russia has denied involvement, and no definitive link points to Moscow. I would not expect there to be one – they’ve had lots of practice at this!
NotPetya incapacitated shipping ports and left several giant multinational corporations and government agencies unable to function.
Almost anyone who did business with Ukraine was affected because the Russians secretly poisoned software used by everyone who pays taxes or does business in the country. Estimated losses to international companies affected were in the tens of billions of dollars.
Accident or not, cybersecurity expert John Hultquist anticipates that we will see cyber operations from Russia’s military intelligence agency GRU, the organisation behind many of the most aggressive hacks of all time, both inside and outside Ukraine.
The GRU’s most notorious hacking group, dubbed Sandworm by experts, is responsible for a long list of greatest hits including the 2015 Ukrainian power grid hack, the 2017 NotPetya hacks, interference in US and French elections, and the Olympics opening ceremony hack in the wake of a Russian doping controversy that left the country excluded from the games.
There is serious debate about the calculus inside Russia and what kind of aggression Moscow would want to undertake outside of Ukraine.
No one fully understands what goes into Moscow’s math in this fast-moving situation. American leadership now predicts that Russia will invade Ukraine.
But Russia has demonstrated repeatedly that, when it comes to cyber, they have a large and varied toolbox. Sometimes they use it for something as relatively simple but effective as a disinformation campaign, intended to destabilise or divide adversaries.
They’re also capable of developing and deploying some of the most complex and aggressive cyber operations in the world.
In 2014, as Ukraine plunged into a similar crisis and Russia invaded Crimea, the EU stood by and did nothing, reacting slowly with sanctions but by then it was too late.
Leaks and disinformation have continued to be important cyber tools for Moscow. US and European elections have been plagued repeatedly by cyber-enabled disinformation at Russia’s direction.
At a moment of more fragile alliances and complicated political environments in Europe and the US, Russian President Putin can achieve important goals by shaping public conversation and perception as war in Europe looms.
As Hultquist points out – “These cyber incidents can be nonviolent, they are reversible, and most of the consequences are in perception. They corrode institutions; they make us look insecure, make governments look weak.
They often don’t rise to the level that would provoke an actual physical, military response although I believe these capabilities are on the table.”
In my opinion people tend to forget that Russia’s had more chess grandmasters and chess world champions than any other country.
In fact, in Russia chess is considered almost a national sport or activity like rugby 7s in Fiji – and most learn from a very early age.
This goes back centuries to the time of the Tsars. In chess, subtle slow moves may hide an overall brilliant strategy that may not be discerned until it’s too late.
Just as with the pandemic misdirection early last year cloaking the massive cybersecurity breaches in the US and allies through SolarWinds and ransomware cyberattacks, one wonders what else is going on in cyberspace whilst the US and Europe are focused on the physical Russian-Ukraine border.
I believe we should expect cyberattacks to become a staple of military arsenals in 2022 and beyond as more nation states will use digital vulnerabilities in smart cities, state and local governments to undertake cyberattacks which are part of national offensive strategies.
A significant area that has been exposed through the pandemic and major cyberattacks in the last 18 months is the supply chain.
For example we expect a significant rise in cybercriminal copycats delivering malware via software updates – the SolarWinds Sunburst incident shocked the industry.
Using highly sophisticated malware hidden inside legitimate software updates, the attackers not only exfiltrated targeted data, but also spread the malware across a huge spread of victims. When malware is successful, copycat attacks will follow.
Organisations will turn to analytics to recalculate their understanding of cybersecurity risks and to reshape their protection strategies – when we talk about business risk, it boils down to two fundamentals: do we understand:
1. What information assets are we protecting; and
2. The factors that impact our ability to protect our information assets.
The last eighteen months has seen a gradual erosion of the protocols we had in place to manage workforce behaviours, and without an accurate understanding of this behaviour, risks can easily be introduced.
The new protocols that govern technology and personnel requirements for the remote and hybrid workforce will drive how we protect our organisations from both internal and external threats.
As we incorporate technology into more critical infrastructure, including the agriculture and fisheries sector, we’ll see the emergence of new technologies as high-value targets for cybercriminals – as the agricultural and fisheries industry embraces digital transformation, new attack surfaces are formed.
With remote controlled tractors, automatic watering devices or livestock feeders, automated marine vessels, maritime surveillance drones etc, the potential for disruption is sobering.
Combine this with growth in smart cities or towns built on IoT, and steps must be taken now to protect our streets, farms and marine services infrastructure.
It begs the question: are essential services like electricity, food and water becoming too smart for their own good?
While there seems to be confusion amongst the US and European leaders at the moment on the Russian-Ukraine situation, Russian President Vladmir
Putin, a master of chess and former KGB intelligence officer once said a few years ago – “Chess makes men wiser and clear-sighted”.
As always, God bless and stay safe in both digital and physical worlds.
- ILAITIA TUISAWAU is a private cybersecurity consultant. The views expressed in this article are his and not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati.com
