The ongoing war between Russia and Ukraine has impacted the cybersecurity landscape worldwide, causing a ripple effect. As the war enters its second year, its impact on cybersecurity continues to grow, and its ramifications are felt far beyond Ukraine's borders.
Cyberattacks in Ukraine
Ukraine has become a battleground for both cyber and kinetic attacks. The aggressor is employing highly sophisticated techniques to target military and governmental systems in the country. These attacks have taken various forms, ranging from the use of malicious software to phishing emails and other stratagems intended to steal confidential information or impede essential operations. The war has provided an opportunity for Russian hackers to refine their expertise and enhance their tactics. Consequently, they have acquired greater proficiency in executing attacks. This factor makes it more challenging for the Ukrainian government and companies to defend themselves against cyberattacks. Given the heightened risk of cyberattacks, it is crucial for all Ukrainians to be extremely careful when using the Internet and to adhere to Internet safety guidelines.
At the same time, we can say that the Russians failed to achieve their strategic goals. Realizing this, Russian-backed hackers have shifted their focus from disruptive attacks to cyber espionage in Ukraine. The ability to gain continued access to networks and quietly obtain new information is more valuable to threat actors now than causing temporary damage.
Impact on the Cybersecurity Industry
The war has had a momentous impact on the cybersecurity industry, as the demand for cybersecurity services and products has surged. Many cybersecurity companies have reported increased sales and revenue due to this trend. The driving force behind this demand can be attributed to the fact that governments have increased their expenditures on cybersecurity measures in response to the war.
The war between Russia and Ukraine has spurred the development of cybersecurity technologies, with one area experiencing notable progress: the development of AI and ML technologies. These innovative technologies are now more extensively used in the identification and neutralization of cyber threats. Moreover, a crucial focus has been on the establishment of secure communication channels to prevent interception and eavesdropping, highlighting the pressing need for secure data transmission in the context of contemporary cyber warfare.
The war has also highlighted the importance of cybersecurity in critical infrastructure, such as industrial control systems (ICS) and operational technology (OT). The conflict has directly impacted ICS and OT cybersecurity, with attacks targeting power grids, water treatment plants, and other essential systems. As a result, there has been a growing awareness of the need for improved security measures and greater collaboration between government, industry, and cybersecurity experts.
Cybercrime Ecosystem Shifts
The Eastern European cybercrime world has undergone significant changes as a result of military operations. The "brotherhood" of Russian-speaking criminals located in the Commonwealth of Independent States has been heavily impacted by insider leaks and group splintering due to nation-state allegiances being declared in support of or against Russia's war with Ukraine.
Russian cyber professionals are also leaving the country, due to conscription or migration to neighboring countries. As a result, highly organized (in the past) cybercriminal cartels are becoming more geographically scattered, making their relationships vaguer. This leads to groups losing key members. Security experts have already noticed a decline in activity on the Russian-language dark web and special-access forums. Furthermore, the US government's efforts to combat criminal ransomware groups have also aided in reducing criminal activity. The arrests, takedowns, and seizures of some of these groups have caused unrest in the shadow economy, and sanctions have cut off some of their income, resulting in a decrease in total collections.
The Russia-Ukraine conflict's implications extend beyond Europe, with Asia also at risk of becoming a battleground for cyberattacks. Russia's expanding influence and power may prompt it to target Asian countries with cyber espionage or other forms of attacks. The potential consequences for the region's economies and security are severe, and a coordinated global response is necessary to combat this growing threat.
The conflict may potentially affect China's cyber activities through the exchange of tactics and tools between Russia and China, given that both nations have a history of cyber espionage and have previously been accused of sharing their respective tools and techniques with one another.
The war is also leading to a resurgence in hacktivism - particularly crowdsourced hacktivism. Cyber-attackers on both sides of the conflict have been launching attacks, making hacktivists a significant threat to most businesses in terms of the probability and impact of attacks on business operations. For example, since the beginning of the war, the global banking industry has been under siege. Russian hacktivists have substantially increased distributed denial-of-service (DDoS) attacks on European banks, which are often the primary method of cyberwarfare for cybercriminals. The presumed connections between some hacktivist groups and Russian intelligence services will only boost their resources and technical capabilities. Businesses should prepare for an increase in attacks and take measures to secure their digital infrastructure.
Positive Things
Warnings about potential cyber threats coming from Russian hackers and catastrophic scenarios generate more excitement and hype compared to careful analysis of the complex nature of cyber operations and their actual track record. While cyber-attacks have the potential to cause significant disruptions to individuals and companies, such as in the case of the NotPeya attack, it is important to note that the impact of these attacks is often overhyped. In fact, despite the warnings and fears of cyber warfare, little of the Russian state's hacking activity has risen to the level of strategic significance.
At the war's start, state-sponsored hackers and criminal counterparts were easily distinguished. A year later, allegiance declarations blurred the line between the two. It became clear who is who now. The identification of specific threat groups and their tools will lead to more effective measures being taken to combat cyber threats, including better coordination between law enforcement agencies and the cybersecurity community and the use of offensive cyber measures to disrupt hostile cyber operations.
The conflict has prompted greater cyber cooperation between governments and cybersecurity companies, leading to increased sharing of threat intelligence and other crucial information.
As a result of the ongoing war, public awareness of cybersecurity has increased. Organizations of all sizes have become increasingly conscious of the cybersecurity threats posed by the ongoing conflict, prompting them to take proactive measures to address vulnerabilities and safeguard their networks.
About the author: Alex Vakulov is a cybersecurity researcher based in Kyiv, Ukraine, with over 20 years of experience in malware analysis. Alex has strong malware removal skills. He is writing for numerous tech-related publications sharing his security experience.
