Okay, Ukraine is Being Attacked. How Worried Should we be?

War in Ukraine

At the time of writing this article, as Ukraine has come under attack from Russian forces from the sea, ground and air, with reports indicating that: 

• Russian troops are still trying to take Ukraine’s two biggest cities, Kyiv and Kharkiv.
• An estimated half a million refugees have left Ukraine.
• There are news reports that residential areas in Ukranian cities are now being hit with attacks such as cluster-bombs.
• The first round of talks about a ceasefire have been held.
• Satellite images have shown large columns of Russian armour and other military vehicles heading into Ukraine.
• Sanctions on Russia have caused the value of the Ruble to crash, leading to long queues at Russian banks. 

Cyber Attacks – A Part of ‘Hybrid Warfare’ 

State-sponsored cyber-attacks are now also very much an ongoing threat faced by all countries but, specifically in the case of Ukraine, they are being used against them as a weapon of war.  Part military strategy, first proposed by Frank Hoffman, and highlighted in a NATO review last year, ‘hybrid warfare’ is described as an “interplay or fusion of conventional as well as unconventional instruments of power and tools of subversion” which are “blended in a synchronised manner to exploit the vulnerabilities of an antagonist and achieve synergistic effects.”  In short, it’s a combination of conventional and unconventional strategies, methods, and tactics which includes cyber-attacks. These cyber-attacks are now used to support the ‘hard power’ of military action by disrupting vital services like power and communications to create more fear and confusion. 

A Feature of Previous ‘Hybrid’ Methods Believed to Have Involved Russia 

Russia has been blamed for the use of cyber-attacks against states before, including Ukraine, especially during military conflicts. For example: 

• Russia has been blamed for DDoS attacks on both Georgia and Crimea during the incursions in 2008 and 2014.
• In December 2015, Ukranian power stations were hacked and taken offline. It was also reported that the telephone lines had been disrupted so that the engineers couldn’t make calls. The result was huge disruption for hours for homes, businesses and other entities.
• In June 2017, the software used for Ukraine’s tax return filing system was hacked and companies were attacked with ransomware. The malicious software also spread to other countries, including the UK, as well as causing huge disruption to merchant shipping. The cost was estimated at $5-10 billion.
• In 2019, Russian military intelligence was blamed for cyber-attacks (DDoS) on 2000 websites in Georgia. The websites affected included the presidential website and the country’s national TV broadcaster. 

Recent Cyber Attacks 

The hard power of military attacks against Ukraine are reported to have been accompanied in recent weeks by cyber attacks. For example: 

• In mid January, Ukraine blamed Russia for attacks on 70 government websites (the largest attacks on Ukraine in 4 years) including the Diia website. This system, linked to government services, is where personal vaccination data and certificates are stored.
• In mid-February, Ukraine reported that two state-owned banks, PrivatBank and Oschadbank, had been hit by large-scale DDoS attacks and other failures which interrupted banking services.
• Last week, there were reports of Distributed denial of service (DDoS) attacks and “wiper” attacks against Ukrainian organisations. These attacks have destroyed data on infected machines. Experts believe that the Wiper attacks may have been planned as far back as December.
• Ukraine’s Computer Emergency Response Team (CERT) has reported that hackers from the Belarusian military (a group code-named “UNC1151”) have been targeting the private email addresses of Ukrainian military personnel “and related individuals”. The attacks have involved using password-stealing emails to break into Ukrainian soldiers’ email accounts and using the compromised address books to send further malicious messages. 

Defence – The Rapid Cyber Response Team 

Countries have their own cyber protection units, usually linked to intelligence services/agencies, and the military. In terms of Ukraine’s defence against cyber-attacks, help could come from: 

• The CRRT. Following a call for help from Ukraine, it has been reported that a rapid-response team (CRRT) is being deployed across Europe to help defend against Russian cyber-attacks which are accompanying (and preceded) the ground war. The team is reported to be made up of 12 experts, from Lithuania, Croatia, Poland, Estonia, Romania, and the Netherlands.
• Like the UK’s own Computer Emergency Response Team (CERT) which was set up in 2013, Ukraine has its own CERT-UA.  

Should we be Concerned About the Spread of the War? 

While thoughts are of course with the people of Ukraine, there has been much speculation and some warnings which indicate how the war could spread. For example: 

• Neighbouring countries are preparing for the possibility of attacks, invading forces, or events that could spill over into their territories, e.g. Poland, Latvia, Georgia, Azerbaijan, and even Finland.
• Russia’s president Putin said that he has put Russia’s nuclear force on high alert. This, however, has been dismissed by many as a distraction attempt. 

Should we be Concerned About the Spread of the ‘Cyber War’? 

At the beginning of February, oil facilities in Germany, Belgium and the Netherlands being targeted by cyber-attacks, thought to be of Russian origin, were seen as a way of Russia exerting pressure on Germany and came at a time when Russia was threatening to close its oil pipelines. Also, at the end of January, UK businesses were warned by the National Cyber Security Centre (NCSC) to bolster their cyber defences in case Russia widened its attack scope to NATO countries and/or because of the spread of malware related to attacks on Ukraine. The NCSC has given advice about how to prepare here: https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened 

What Does This Mean For Your Business? 

In addition to the terrible consequences of war for Ukraine’s citizens, there is uncertainty and fear about what happens next, and what could happen to escalate the conflict. Also, with more than one-third of Europe’s natural gas coming from Russia there are, of course, concerns about how the conflict could begin affecting other countries and there are bound to be big knock-on consequences for supply chains and other industries across the world. In terms of technology, there are clear risks of more Russian cyber-attacks being launched against NATO countries and the US and, as NCSC has warned, UK businesses now need to pay special attention to strengthening their cyber defences, not least to protect against malware attacks. Large UK companies and organisations involved with vital UK infrastructure could now face serious cyber-attacks (e.g. DDoS attacks) and, if not properly protected, this could have wider effects across the country for businesses and homes. 

For more information on security, including the benefits of Multi Factor Authentication, call Paradise Computing on 01604 655900 or send us a message using our online contact form.