On February 24th, 2022, less than an hour before Russian tanks started rolling into Ukraine, computer hackers brought down the satellite communications system run by American firm Viasat, temporarily knocking out communications in Ukraine, Internet connections across Europe and wind turbines in Germany. Russia’s attack on Viasat was by no means the only cyberattack it directed at Ukraine. Wiper programs, designed to delete data, infected systems across the country and hackers used malware called Industroyer2 to attack Ukraine’s electricity grid. Meanwhile cyber espionage to gain information and a barrage of fake news designed to mislead and shape public perceptions of the war have wreaked other kinds of havoc.
Indeed, there were more cyberattacks in Ukraine during the first four months of 2022 than in the previous eight years combined, according to a recent report by Google’s threat analysis group. Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, says the report. This includes a significant shift in various groups’ focus towards Ukraine, a dramatic increase in the use of destructive attacks on Ukrainian government, military and civilian infrastructure, a spike in spear-phishing activity targeting NATO countries, and an uptick in cyber operations designed to further multiple Russian objectives such as hack-and-leak sensitive information to further a specific narrative, according to the report.
Ukraine has proved surprisingly resilient and there is much that companies and governments can learn from the besieged country’s cyber defense tactics, says James Appathurai, NATO Deputy Assistant Secretary General for Emerging Security Challenges, which includes emerging technologies, cyber, climate and security and counter terrorism. He spoke on a May 23 panel on innovation in cybersecurity moderated by The Innovator’s Editor-in-Chief during the Women In Tech Global Summit in Paris.
Preparing For The Inevitable
The Russians have had limited success in their cyberattacks because the Ukrainians were ready for them, says Appathurai. Ukraine has been upgrading its cyber defense and cybersecurity since the Russians invaded and subsequently annexed the Crimean Peninsula in 2014. “They have been doing all of the things that everybody should be doing: updating their software and their software licenses, training their employees, upskilling their cybersecurity personnel, actively hunting for malware and preparing contingency plans, including back-ups for data,” he says. For example, Ukraine worked with Microsoft to back up all essential government and defense data in the Cloud so when servers were attacked it did not take down services, helping Ukraine to recover quickly.
Another factor working to Ukraine’s advantage is the large numbers of skilled cybersecurity personnel. “They have a huge number of cyber experts and companies need to ensure that they do too,” says Appathurai. “It’s important to focus on what skills are needed because it is always changing. We need to train not just people at school, but also keep training employees all the time to be cyber savvy. It is not enough to have hands on keyboards to fight off attackers, 70% to 80% of attacks are via human engineering and phishing attacks and generative AI is going to make it 1000 times worse because it will be so easy to make deep fakes and imitate faces and voices that people will have trouble knowing what is real and what is not real.” An example is a deep fake video of Ukrainian President Volodymr Zelensky encouraging Ukrainians to surrender that surfaced in March of last year.
But Ukraine is also using the latest technologies to its advantage. It has been actively buying and employing cutting edge tech “at the speed of relevance,” says Appathurai. “They are acquiring new technologies very, very fast because they have realized that the normal ways of procuring and adopting technology does not work for them,” he says. “That is not surprising because it does not work that well for us.” In big companies and in government “the onus is on us to do two things: speed up acquisition of new technology and new software, and be less risk adverse,” says Appathurai. “We need to empower innovation professionals to try things, with the relevant protections built in. If they try one thing and it doesn’t work and three things that do work, they should be rewarded for what did work and not be punished for what didn’t. That requires a culture shift.”
Cyberattacks are inevitable, says Appathurai “You can be sure your company will be attacked,” he says. “There is no doubt about it and if you wait for the catastrophic event to do something the impact will be catastrophic. It comes down to doing the boring daily preventative work that Ukraine has successfully mastered. Companies need to invest in and reward managers for taking preventative steps. In cybersecurity the mark of success is nothing happening.”
Threats To Critical Infrastructure
The lessons learned are quite clear, says Appathurai. “We have to be prepared and can’t wait for the day of an attack,” he says, “And we need good public/private collaboration.” Today lots of critical infrastructure is run by private industry rather than government, so it is important that they work hand in hand, he says.
“Since the attack began last year Russia has gone through a range of strategies,” he says. “At the beginning of the war the attacks were very generalized,” he says. Over time there were more bespoke attacks aimed at specific targets. “They tried to activate all the malware they implanted,” he says. “We know that the Russians use ransomware as a cover for installing malware in industrial control systems for later use not just in Ukraine but in NATO countries. This is what the cyber industry is warning us about right now.”
As a result, individual governments and NATO are working with industry to step up efforts to protect critical infrastructure.
For starters individual governments are adopting measures to encourage private companies to report ransomware attacks. An estimated 70% of such attacks go unreported, says Appathurai, for fear of reputational damage and impact on stock prices. When it comes to attacks on critical infrastructure – such as the The Colonial Pipeline attack, which took place in May of 2021 and shut key conduits delivering fuel from Gulf Coast refineries to major East Coast markets in the U.S – “it has massive potential impacts on society.”
The U.S. government’s updated #StopRansomware Guide, which is co-authored by the Cybersecurity and Infrastructure Security Agency (CISA), FBI, National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center, notes that: “paying ransom will not ensure your data is decrypted, that your systems or data will no longer be compromised, or that your data will not be leaked.” The guide also warns organizations may face sanction risks if they pay ransoms.
National cyber leaders and experts convened in November in Rome to discuss protecting the energy sector from cyber threats and ensuring the NATO Cyber Defense Pledge keeps pace with the evolving cyber threat landscape.
The Cost Of Failure
There is good reason to do so. The war in Ukraine has transformed the cyber threat landscape in multiple ways, increasing threats not just to Ukraine but to NATO. The report from Google’s threat analysis team predicts with “high confidence” that Russian government-backed attackers will continue to conduct cyberattacks against Ukraine and NATO partners to further Russian strategic objectives. It also predicts that Moscow will increase disruptive and destructive attacks in response to developments on the battlefield that fundamentally shift the balance – real or perceived – towards Ukraine. “These attacks will primarily target Ukraine, but increasingly expand to include NATO partners,” says the report.
Since the war began, the Google threat analysis team says there has been an over 300% increase in Russian phishing campaigns directed against users in NATO countries in 2022 (compared to a 2020 baseline).
As the 21st battlefield expands to include more cyber warfare it is more important than ever that companies and countries step up their game, says Appathurai. Cybersecurity is a part of all elements of a country’s defense, not just military. ”It’s essential to keeping government services running, the banks open, access to water and keeping the lights on. If people don’t have those things citizens need to leave and become refugees,” he says. Ukraine’s resiliency to attacks in cyberspace means that its populations can communicate with loved ones and be reassured, and know where to go when an attack happens. It also allows President Zelensky to continue to go on TV every day to fight disinformation and motivate his people and motivate other nations to provide more weapons, he says. “Cybersecurity underpins a society,” says Appathurai. “The cost of failure would not just be high for Ukraine, but for us.”
This article is content that would normally only be available to subscribers. Sign up for a four-week free trial to see what you have been missing.
To access more of The Innovator’s cybersecurity stories click here.