20 February 2023

What we've learned from a year of Russian cyberattacks in Ukraine

Tim Starks

Welcome to The Cybersecurity 202! A chap yesterday walked in behind me as I held a door open, whereupon he convincingly made me think that I had somehow bashed his head with that door. At first I got all worried that I’d legit hurt someone, but he let me in on the ruse very quickly. I’m gonna say: Good prank.

Below: TikTok’s CEO speaks with The Post about the company’s plan to fight calls to ban the app, and two U.S. agencies say they will move to tighten election security ahead of 2024. First:

The Russia-Ukraine conflict is nearing its first anniversary, so it’s time to take stock of cyber’s role

Ukrainian forces move along the snowy terrain on a Soviet-era howitzer in the Donetsk region of eastern Ukraine on Tuesday. (Heidi Levine for The Washington Post)

Nearly a year into Russia’s conflict with Ukraine, the world has learned much about both the capabilities and limits of hacking in wartime.

Feb. 24 marks the first anniversary of the Russian invasion of Ukraine, a war punctuated by cyberattacks from its onset to today. “Importantly, this marks the first time that cyber operations have played such a prominent role in a world conflict,” reads a joint one-year analysis from three divisions of Google out today.

It’s a conflict that shows little sign of ending anytime soon. But the anniversary also offers a moment to take stock of what’s transpired, and what it means for the rest of the world.

Lessons learned

Much of the early reaction to the war on the cyber front was experts scratching their heads about why there weren’t as many significant cyberattacks as expected. But there have been some significant attacks, with an early attack on U.S. satellite company Viasat disrupting communications.

But other than that attack, much of Russia’s cyberspace assault has had little impact, said Dmitri Alperovitch, executive chair of the Silverado Policy Accelerator, a think tank.

“For cyber to be effective on a battlefield, it has to be deeply integrated into conventional military plans,” Alperovitch told me. “They’ve utterly failed in achieving any tactical or strategic successes, Viasat aside, which actually was a combined arms operation with significant effects.”

Originally, there were fears that Russia’s cyberattacks would extend to other nations, too, such as Ukrainian allies. “I think all of us were surprised, somewhat, that there have not been more significant attacks outside of Ukraine,” Jen Easterly, director of the Cybersecurity and Infrastructure Agency, said Wednesday.

It’s not that other countries got off scot-free. Easterly noted that there was at least one cyberattack that spilled over into Poland, which is a member of NATO and the European Union.

Google saw a big jump in phishing attacks against Poland in 2022, led by a Russia-affiliated hacking group commonly known as Ghostwriter. And while the war in Ukraine might not be the only factor, Russia-based phishing attacks against NATO countries jumped 300 percent from 2020 to 2022, Google found.

Easterly — more from her on election security further down in The Cybersecurity 202 — attributed the relative lack of attacks outside Ukraine to several factors:

CISA’s “Shields Up” awareness campaign warned about the threat of spillover attacks.
Russia was overconfident that it was going to “cakewalk to Kyiv.”
Russia was also concerned about potential escalation, she said.

After the early quick tempo of cyberattacks in Ukraine and attempts to launch destructive attacks that would wipe out computers in parts of the country like its electricity industry, Russia’s effort “began to drift a bit,” said Dick O’Brien, principal intelligence analyst for the Symantec Threat Hunter Team.

It’s possible that Russia was ineffective because of overconfidence that led to poorly planned attacks, he said. Also, Ukraine hardened its defenses after years of Russian cyberattacks before the invasion, he said.

And attacks against Ukraine have also been more plentiful than the public knows, Alperovitch said.

“The Ukrainians have done an amazing job keeping much of it under wraps,” he said. “Not all the attacks have been successful, but even those that have been successful have been in many cases kept under wraps, and the Ukrainians in general obviously do not want to give Russia a propaganda victory by admitting that some of their attacks had succeeded.”

In the future …

The war is not over. It’s possible that Russia could still ratchet up its cyberattacks, according to cybersecurity experts and Google.

“We assess with high confidence that Moscow will increase disruptive and destructive attacks in response to developments on the battlefield that fundamentally shift the balance — real or perceived — toward Ukraine (e.g., troop losses, new foreign commitments to provide political or military support, etc.),” its report reads. “These attacks will primarily target Ukraine but increasingly expand to include NATO partners.”

The conflict has also offered lessons for Ukraine and other countries. The war has led to the “realization that when the shooting starts, old-fashioned warfare may be more effective than cyberwarfare,” O’Brien said. Leaders in Ukraine and on the international front have plenty to worry about beyond cyberspace, where Ukraine has spent time and resources countering cyberattacks.

Ukraine built up its ability to withstand cyberattacks and make them harder to carry out, which is especially important at the beginning of a war, said Mark Savchuk, a member of the Ukrainian Volunteer Journalists Initiative that seeks to communicate about Ukraine with Western media outlets. That’s a lesson for the future as well, he told me.

“It wasn’t the tanks that rolled in first,” said Savchuk, who has worked in the cybersecurity field. “It was the cybersecurity hacks that came first and then came the war.”

Countries around the world can take still other lessons from the cyber dimension of the Russia-Ukraine war, Alperovitch said.

“In future conflicts, powers that integrate cyber directly with electronic warfare with kinetic strikes with military intelligence collection are the ones that are going to reap the benefits of this tool,” he said.

But some aspects of the Russia-Ukraine conflict have little applicability elsewhere. For example, some nations integrate their weaponry and network connectivity, but neither Russia nor Ukraine does, he said.

“That will not necessarily be true in future conflicts, and particularly if there’s going to be conflict between the U.S. and China,” he said. “That will present unique opportunities to cyber for disruption and potentially even disabling of critical offensive capabilities, at least in the opening stages of conflict. And maybe even throughout.”
