The risk that Ukraine, as well as European countries and the United States, will suffer cyberattacks by Russia or by groups aligned with its cause is high
A few weeks ago we analyzed the hybrid threat situation that was taking place in Ukraine. We commented that this type of threat could replace a traditional war or be the prelude to, or preparation for, one.
Unfortunately, it has been shown that we are in the second scenario. Now, in addition to the usual factors of a military conflict (humanitarian, military, geopolitical, economic), it is necessary to analyze the cybersecurity risks that this situation entails.
The 1991 Gulf War has been considered the first war televised live. The invasion of Ukraine could become the first conflict in which the Internet is one more theater of the conflict.
Disinformation and propaganda
The question we all ask ourselves is: what is going to happen in cyberspace from now on? In the short term, we will see an intensification of the disinformation and propaganda campaigns of the different actors involved.
We need to be very careful with the information that reaches us about the invasion, with the sources it comes from and with the mechanisms we use to cross-check it, if we do not want to contribute to the spread of hoaxes or false news, since this is one of the fronts on which the battle is being fought hardest these days.
Keep in mind that Putin still hopes to win over the pro-Russian population living in Ukraine and to justify his actions to Russian citizens themselves. The reputational damage he has already done to his country seems irreparable outside Russia’s borders, but the internal dimension is essential for him right now. Meanwhile, Ukraine needs help from the rest of Europe and the world. It also needs Russian citizens to understand what is happening and not be fooled by their government.
High risk of cyber attacks
These days, governments and companies everywhere are warning of the high risk of cyber attacks in all countries. For that reason, we are trying to increase the level of security with additional protection and detection measures.
The wave of cyberattacks on critical Ukrainian infrastructure – nuclear or electrical power plants, water treatment plants, gas distribution centers, antennas and communications towers, railways, etc. – that was expected a few weeks ago has not yet occurred.
In a traditional war scenario, it is much easier for the Russian army to bomb these facilities and use conventional means to disable them than to resort to sophisticated cyberattacks. Attribution is also no longer a concern: they are no longer hiding or denying what they are doing. Of course, it is possible that at some point they will decide to start using cyberattacks (for example, to isolate cities, prevent the mobility of citizens or leave them without water or energy) to minimize the physical destruction of the country and reduce the reconstruction work needed when everything is over.
It also seems likely that the Russian government will decide at some point to extend the war by cyber means to actors who, until now, for purely geographical reasons, have been playing less of a role.
It must be remembered that the invasion of Ukraine has to do not only with the relationship between Russia, Ukraine and Europe, but also with the United States. The only way to involve this country directly in the conflict and to strike back, for example in response to the imposition of economic sanctions, will be to launch cyberattacks that have direct or indirect economic impacts of a similar magnitude, for example against banks and other critical infrastructure or large companies.
This type of retaliation would obviously also be directed against European countries and their sphere. It could be carried out directly by state forces or by related groups that have already shown their support for the “Russian cause” (some of the biggest cybercrime mafias today are mostly Russian and support Putin).
Other dimensions of the problem
In addition to these more or less expected factors, the cyber war that has started in recent days has produced completely new situations that are worth commenting on.
For example, Anonymous, a group of hacktivists with no recognized hierarchy or ideology that was founded at the beginning of this century, has declared war on Russia for its invasion of Ukraine.
So far this has been more of a propaganda maneuver than an effective one, but it is true that Anonymous has claimed responsibility for several denial-of-service attacks against Russian media and government websites, and even against Putin’s yacht. It is likely that most of this group’s actions will have this propagandistic and demoralizing character, but it is a new actor that we will have to watch in the coming weeks.
Another new actor is the so-called IT Army, a group of cybersecurity specialists who are organized through a Telegram channel created by the Government of Ukraine and who work on a voluntary basis.
In principle, the goal of this “technological army” is to help protect Ukrainian infrastructure from Russian cyberattacks, but it has also gone on the counterattack. It has shared a detailed list of Russian targets to launch denial-of-service attacks against. It is mainly about winning the propaganda battle by making the websites of major media outlets, companies or the Russian government unavailable. We must also closely monitor the evolution of this initiative, which seems to be spreading to targets in Belarus.
Finally, a curious case is that of the Conti criminal group, which operates one of the most widespread types of ransomware in recent months, based on double extortion (they ask for a ransom to decrypt the data and also not to publish it).
This group has publicly come out in favor of Russia’s invasion of Ukraine and has announced its intention to launch its ransomware attacks against high-profile victims in the West. Some of its members, presumably Ukrainian, have published a large amount of information about the group and its way of working, such as internal chats, code or strategies for choosing its victims. Similar situations cannot be ruled out in the future in this or other cybercrime mafias in which supporters and opponents of Putin coexist.
Vigilant against what may happen
The war doesn’t have a script, so we just have to wait and see how events unfold. A few weeks ago, few analysts predicted a war of the current magnitude, so assuming that we can predict what will happen in the coming weeks in the cyber domain is unrealistic.
We can do no more, and no less, than be prepared for whatever comes, and keep the alert level high, because the risk of incidents is indeed very high. Russia has so far focused on the nuclear threat when talking about retaliation. Honestly, we hope that it will soon be replaced by the technological threat, in which we have many more options to minimize the impact of whatever attacks are finally carried out.
This article has been published in The Conversation