Parting Shots (Q2 2022 Issue)

Deputy editor Benjamin David argues that cyber is a weapon, and it won’t be long until it costs lives 

As we approach mid-2022 and watch the cybersecurity industry increasingly focus on the 2022 Russian invasion of Ukraine, there is popular rhetoric circulating that wonders, ‘where’s the cyber element in all of this?’ Even though many experts warn that cyber is a very real weapon in the conflict, many columnists have hurried to dispel such fears, even going so far as to sneeringly caricature the conflict as “the Ukrainian cyberwar that wasn’t” (The New York Times). Remarkably, this rhetoric shows no sign of abating, making one wonder what impact this is having in the minds of those outside of the cyber industry.

Although many in our industry have criticized such rhetoric as woefully premature, it’s important to also admit that there’s much fearmongering, with myriads of popular news publications, including the Wall Street Journal, going so far as to call the conflict a “full-scale cyberwar.” Thankfully, cyber experts generally know that it’s farcical to portray the Russian invasion of Ukraine as some sort of cyber armageddon. After all, Russia has been conventional in its brutality since the very beginning of the invasion, opting for tanks, guns, missiles and aircraft.

Yet, despite the devastating figure of 6546 civilian casualties in Ukraine since the start of Russia’s invasion as of May 2, we shouldn’t be so quick to judge the conflict as a straightforward onslaught either. Accompanying the bloodshed are widespread espionage and intelligence activities. These attacks have targeted institutions in Ukraine and have aimed to disrupt Ukrainians’ access to crucial life services. There have also been espionage attacks targeting NATO member states, accompanied by disinformation activity. One of the major problems in detailing this is that Russia’s hybrid tactics are challenging to delineate, comprising intelligence-gathering, informational operations, espionage and communication efforts, all in the darkness of cyberspace.

Although a cyber armageddon this isn’t, cyber-attacks have nonetheless pullulated since the outset of the invasion, leveraged as an important weapon of war. Even leading up to the invasion, Russia and/or its proxies were identified as the likely perpetrators of Ukrainian website defacements, damaging malware and distributed denial of service (DDoS) attacks. Indeed, at least six distinct Russia-aligned nation-state actors launched over 237 cyber operations against Ukraine before the invasion.

More recently, in March, Ukraine’s national telecommunications provider was hit by a significant cyber-attack, leading to the most severe disruption to internet connectivity in the region since the start of the conflict with Russia. In April, Microsoft’s corporate vice president of customer security and trust, Tom Burt, claimed that “nearly all of Russia’s nation-state actors” are now engaged in a full-scale attack on Ukrainian critical infrastructure. This isn’t surprising, given the destructive attacks Microsoft has observed – numbering close to 40, targeting hundreds of systems. Of these, 32% directly targeted Ukrainian government organizations at the national, regional and city levels. In addition, more than 40% of destructive attacks were aimed at organizations in critical infrastructure sectors that “could have negative second-order effects on the Ukrainian government, military, economy and civilians,” claimed Burt.

‘Correlation doesn’t equate to causation,’ one might be inclined to think, but it’s no coincidence that cyber-attacks take place in conjunction with Russia’s military operations. For example, in March, a Russian threat actor pilfered data from a nuclear safety organization weeks after the Russian military captured nuclear power plants. While the Russian military assailed the Ukrainian city of Mariupol, a phishing campaign emerged targeting Ukrainians in which a Russian actor, pretending to be a Mariupol resident, duplicitously accused Ukraine’s government of “abandoning” its citizens. Interestingly, Microsoft’s recent Special Report: Ukraine shows that Russia deployed hacking campaigns to buttress its ground campaign in Ukraine, combining missiles and malware in various attacks, including on TV stations and government agencies. By the end of March, Russian hackers turned their attention to eastern Ukraine, coinciding with the Russian military reorganizing troops there. Unfortunately, little is known about hacking campaigns backed by Russia that occurred during April, with investigations continuing.

With all of this said, how should editors, journalists and commentators be approaching the cyber element in this conflict? Most of us are fully aware that war is, by nature, an appalling affair. The popular quote “War does not determine who is right – only who is left” comes to mind. These haunting words touch upon a very frightful maxim, and when thought about in the context of the 2022 Russian invasion of Ukraine, it’s difficult not to shudder. No one knows how this war will end, but it’s vital that everyone knows that a hybrid conflict is occurring. It changed the paradigm of war yesterday, is changing it today and will continue to do so in the days, weeks and months ahead.

The actions currently being taken by Vladimir Putin and the Russian military through tanks, aircraft, missiles and infantry continue to put innocent Ukrainian citizens in harm’s way. Yet, Russia’s ongoing use of cyber weapons belies dangerous, widespread views that cyber-attacks are inconsequential in Russia’s military strategy. Cyber is a weapon, and it won’t be long until it costs lives.
