Pages

26 October 2022

Ukraine Could Still Face Cyberattacks, Experts Say

Bree Fowler

The fact that Ukraine has yet to suffer a crippling cyberattack after nearly eights months of war with Russia is a credit to the country's own online defenses, but experts say a major attack could still come as the war drags on and Russia gets more desperate.

The Ukraine-Russia conflict and how it could affect the world's security as a whole was a major topic of discussion this week at Mandiant's mWise cybersecurity conference in Washington.

Though Ukraine has been hit with wiper malware, along with other kinds of destructive cyberattacks, they've so far been fairly low level, threat intelligence experts said during a Wednesday panel discussion.

What observers haven't seen as much as expected are major attacks on targets outside Ukraine, says John Hultquist, Mandiant's head of intelligence analysis. He adds that it remains to be seen whether those kinds of attacks will unfold down the road.

"But I think the war is constantly changing," Hultquist said during the panel discussion, adding that Russia is "doubling down" and that because the people behind their cyberoperations are spies, there's a lot that experts can't see.

Meanwhile Ukraine's defenders continue to do "an exceptional job," he said.

"I know for certain that many operations have failed because of good defense, and that's good news," Hultquist said.

Victor Zhora, who leads Ukraine's main cybersecurity agency, said one of the reasons his country's cyberdefenses are so strong is that the country has been defending its critical infrastructure against Russia since 2014, when Russia launched an attack against Ukraine's presidential election.

Other attacks followed, including the 2017 NotPetya attack that crippled computers across the country. That malware also spread to unintended targets far outside of Ukraine, shutting down companies including FedEx, Merck, Cadbury and AP Moller-Maersk.

In response, Ukraine boosted both its national cybersecurity defenses and its cooperation with other countries, Zhora says.

"We took a lot of lessons from the cyberagressions from the last eight years," Zhora said during a separate taped conversation with Mandiant CEO Kevin Mandia that aired during the company's conference.

"I think that's one of the reasons why the adversary hasn't reached its strategic goals in the cyberwar against Ukraine."

Adam Meyers, CrowdStrike's head of intelligence and a speaker on the same panel Hultquist was on, cautioned that it's not a question of whether Russia is capable of a massive cyberattack including against targets in the West, because it clearly is.

"I think that they became very quickly embroiled in Ukraine and realized they were over their skis as it pertained to the physical conflict," he said, adding that Russia's hackers started going after targets in other places like Poland and Moldova around the same time.

"I think this is a marathon not a sprint and we need to stay vigilant," Meyers said.

Katie Nickels, director of intelligence for Red Canary, also spoke on the Mandiant panel and echoed those thoughts. She pointed to Russia's previous attempts to freeze out the Ukrainian people by attacking the country's electric grid during the winter.

"This isn't over," she said. "What better way to create fear than to have a power outage as those temperatures drop, and ruin holidays for all of the defenders as well?"

No comments:

Post a Comment