Ukraine Invasion Growing “A Tsunami of Cyberattacks”

The invasion of Ukraine is honing the skills of lots of cyberattackers, who will eventually be looking for a ransomware payday.
9 September 2022

The invasion of Ukraine will result in a new wave of commercial cyberattacks.

Cyberattacks thrive on confusion, a lack of knowledge about systems and assets, and any points of weakness, which are usually quite common. Any major period of turbulence in a country will likely make a whole raft of businesses more vulnerable to cyberattack than they have previously been.

That means that, in principle, it should be no surprise that in recent months cyberattacks on Ukraine’s government and military sector have more than doubled, increasing by 112% overall, according to new findings from Check Point Research (CPR).

But while that much might well be predictable, what too few companies are yet considering is that if the illegal Russian invasion of Ukraine is a flash point for the development and deployment of cyberattacks, those attacks, the techniques and the people behind them, are not going to stay contained in Ukraine indefinitely. While the physical invasion will go one way or the other, what is certain is that whenever you intensify an environment for the growth and development of cyberattacks, the attack methodologies and the people behind them will long outlast the hothouse environment.

Sergey Shykevich, Threat Intelligence Group Manager at Check Point, predicts, “At the end of the conflict, whatever the outcome, these APT groups, hacktivists and individuals are not just going to disappear. Instead, they will turn their newfound expertise and tooling toward fresh targets, unleashing a tsunami of cyberattacks across the globe.”

That, in case you missed it, is why businesses should care.

The last few times there was a major international invasion-cum-war, the West was, largely speaking, the aggressor – the Gulf Wars were fought on the premise of retaliation for the Iraqi invasion of Kuwait, and the Afghanistan War or the so-called “War on Terror” was begun in response to the 9/11 terror attacks on US soil, and ended in what would in any other circumstances be described as failure, with the Taliban taking control of the country after 20 years of conflict. Given that the Gulf Wars took place 30 years ago, and that the West could be said to have lost the War on Terror, cyberattacks have never played a massively significant part in the conduct of modern warfare.

They do now.

War and Cyberwar

The invasion of Ukraine has quickly established cyberwarfare as an essential component of global conflict, both in terms of the propaganda battle and the actual conduct of military operations. If you can cripple your enemy’s systems with a cyberattack, you can arguably do more damage than you could with a mortar – with the added bonus that you don’t physically take innocent human lives in the process.

That has meant the whole nature of warfare has been intensified by hardships rendered possible by cyberattack. From Distributed Denial of Service (DDoS) attacks and website defacements to destructive critical infrastructure attacks, warfare has levelled up during the course of the Russian invasion of Ukraine.

In fact, just three days into the conflict in late February, Check Point noted a 196% increase in cyberattacks on Ukraine’s government and military sector, while attacks on Russia’s equivalent sector decreased by 8%. The difference is that Russia has implemented different measures to limit access to its resources from outside its borders, which make the execution of some of the attacks more difficult.

Corporate networks in Ukraine, on the other hand, have experienced over 1,500 cyberattacks a week on average – 25% more than before the conflict began.

The Russian campaign of cyberattacks has included state-sponsored APT groups conducting sophisticated operations ranging from critical infrastructure attacks to espionage missions. For the first time, there has also been observable coordination between cyberattacks and military assaults, as on March 1st, when a Russian missile assault on Kyiv’s TV tower coincided with a cyberattack designed to knock out the city’s broadcasting capabilities.

Specialization of Cyberattacks

Finance has been the most frequently and effectively targeted sector in both Russia and Ukraine since the invasion began, with communications (Russia) and military and government (Ukraine) equally troubling in second place.

To radically increase the number, frequency, and effectiveness of cyberattacks like this has taken the recruitment and deployment of a whole new army of “hacktivists,” as well as, in the case of Ukraine, a new generation of extremely motivated cyberdefenders. It’s also brought in pre-existing big players in the cyberattack plane, including Anonymous, which has declared war on Russia itself, and the Conti ransomware group, which has pledged to protect the Kremlin’s interests.

These cyber-battle lines only look impressive in the context of an ongoing invasion and an at-all-costs defence. When the Russian invasion eventually comes to an end, the cybersecurity space is likely to find itself significantly worse off. An army of pro-Ukraine hacktivists and the active cybercriminals currently fighting Russia’s cyber-battles will have had their skills honed, and one way or the other, they will be set loose on the cyberattack black market, ready to use those skills for the highest bidder.

CPR says it’s already seen the beginnings of what that could mean, with attacks launched on NATO partners, as well as other nations that have come to Ukraine’s aid, increasing in both frequency and intensity.

Keeping The Lights On

But big hits like nation states are occasional, part-ideological targets. What gets cybercriminals and hackers out of bed in the morning are the monetized attacks that pay their bills and keep their lights on.

If you’re an enterprise with a sizeable turnover, that means you.

The ‘real-world’ analogy would be the stuff of a Die Hard movie. Forces specially trained for espionage who, in a peaceful world, attack a large corporate building for cash. Except these days, ransomware is much more effective than Alan Rickman, and it can hold enterprises up for huge sums from a distance, with much less likelihood of the hijackers getting caught.

The Russian invasion of Ukraine, and Ukraine’s fight to retain its independence, will – beyond all doubt – raise the threat level for cyberattacks on both government and commercial organizations globally. Given that we’ve seen cyberattacks rise astronomically in number in the last year in any case, companies need to be prepared for an inflationary effect as and when the invasion comes to an end and the hacktivists need to make a living.

Are You Ready?

That means companies everywhere need to start thinking in terms of a prevention-first cybersecurity strategy. That will involve evolving and emerging technologies and consolidated platforms. It will require real-time cross-platform global threat intelligence, and an ability to guard against both zero-day vulnerabilities and fifth-generation attacks.

Most companies are not yet ready to deploy that level of technology to resist an oncoming storm of post-invasion cyberattack.

The question is: is yours?