26 January 2023

How Microsoft is helping Ukraine’s cyberwar against Russia

Preston Gralla

One of the big surprises in Russia’s war against Ukraine has been how well Ukraine has fended off Russian cyberattacks. Ad hoc groups of white-hat hackers have helped, as have a number of nations and the US government.

Less well known is that tech companies, including Microsoft, are part of the effort. That aid ranges from giving advice to identifying attacks, offering fixes for them, and providing Ukraine with free tech and security services.

Microsoft isn’t just trying to help defend a country under siege from an aggressive, more-powerful neighbor. Russian cyberattacks against Ukraine can also get loose in the wild and do damage to enterprises and organizations that rely on Microsoft technology. (Russia could also deliberately target private companies with those attacks.)

By helping Ukraine, Microsoft also helps its customers — and it happens to be good PR, as well.

So just what kind of help does Microsoft give, and how might it help you or your organization? Here’s what we know.

Cyberattacks, information warfare and the safety of the cloud

In April 2022, Microsoft’s Digital Security Unit released a 21-page overview of Russian cyberattacks on Ukraine up until that date, and detailed what Microsoft had done to help.

The day before the ground invasion began, Russia’s military intelligence service, the GRU, “launched destructive wiper attacks on hundreds of systems in Ukrainian government, IT, energy, and financial organizations,” according to Microsoft.

The cyber assault didn’t let up after that. Russia attempted to infiltrate, disrupt, and destroy government networks, sometimes in concert with missile attacks. It set out to damage vital IT hardware and resources and launched disinformation campaigns to sap Ukraine’s will to fight. Russia poured a lot into these disinformation campaigns because, as the report explained it, many Russian military officials believe “operations to degrade troop morale, discredit the leadership, and undermine the military and economic potential of the enemy via information means can at times be more effective than traditional weapons.”

Microsoft offered a week-by-week account of Russia’s cyberattacks and listed some of the most dangerous pieces of malware being used, many of which target networks, Windows PCs, and .NET, Microsoft’s open source developer platform.

To fight back, Microsoft uncovered and tracked malware, and offered a variety of ways to defend against it and eradicate it. In some cases, the advice was surprisingly simple. For example, Microsoft recommended that Ukrainian organizations enable Windows’ controlled folder access capability, which is turned off by default. Turning it on mitigates damage done by wiper malware. It also recommended the use of multi-factor authentication, which has paid off.

The company also studied how Ukrainian organizations use Microsoft’s endpoint detection and response (EDR) solutions; based on what it found, the company offered alternatives that could be even more effective.

Microsoft’s Tom Burt, corporate vice president for customer security and trust, said in a blog post last year that Microsoft’s Threat Intelligence Center (MSTIC) found wiper malware in more than a dozen Ukrainian networks, alerted the Ukrainian government to it, and opened a 24/7 cybersecurity hotline to help fight it.

Microsoft has also helped Ukraine harden its computing infrastructure, notably by moving it to the cloud to keep it safe. Microsoft President Brad Smith explained to GeekWire that the company spent $107 million “to literally move the government and much of the country of Ukraine from on-premises servers to the cloud.” The move also helped protect data centers Microsoft runs throughout Europe. According to Smith, this “has been one of the indispensable elements in defending Ukraine.”

Microsoft plans to continue its assistance. Smith said the company will offer approximately $100 million in free tech aid and services to Ukraine in 2023. (That’s in addition to the estimated $400 million already spent.)

Keep in mind that Microsoft isn’t the only company offering help; Amazon has done similar work using its considerable cloud expertise and Google has offered cybersecurity and other kinds of aid.

All this work by governments and private companies has paid off. Part of a comprehensive New York Times investigation into how Russia has failed focused on cyberwarfare. The story noted that before the war, “Officials in Washington, who had been working closely with the Ukrainians to bolster their cyberdefenses for years, had been holding their breath. States had mainly used hacking for acts of espionage and financial thievery, for subversion and sabotage. But nobody really knew how it would play out in a full-scale military conflict.”

Here's how it played out, the Times concluded: Ukraine has so far defeated Russia in the cyberwar. Russia’s once-feared hackers threw everything they had against Ukraine, including trying to shut down the power grid, disable government networks, and kill satellite communications.

They failed every time.

What this means to your organization

There are lessons here you can apply to your organization. Much of what Ukraine has done (with the help of governments and private industry) you can do on your own. Simple changes like using multi-factor authentication, turning on controlled folder access, and improving endpoint protection can go a long way to fending off hackers and cyberattacks. Keeping everything patched and up-to-date (which Microsoft also recommended to Ukraine) can pay off tremendously. A move to the cloud increases security as well.

You don’t need to be on a war footing to do all that. But if you’re going to succeed, it makes sense to act as though you’re fighting a war against hackers. That’s certainly what the hackers believe.
