As Ukrainian cities come under air attack from Russian forces, the country has also suffered the latest blows in an ongoing campaign of cyberattacks. Several of Ukraine’s bank and government department websites crashed on Wednesday, the BBC reported.
The incident follows a similar attack just over a week ago, in which some 70 Ukrainian government websites crashed. Ukraine and the United States squarely blamed Russia.
With a full-scale invasion now evident, Ukraine can expect to contend soon with more cyberattacks. These have the potential to cripple infrastructure, affecting water, electricity and telecommunication services – further debilitating Ukraine as it attempts to contend with Russian military aggression.
A critical part of Russia’s operations
Cyberattacks fall under the traditional attack categories of sabotage, espionage and subversion.
They can be carried out more rapidly than standard weapon attacks and largely remove barriers of time and distance. Launching them is relatively cheap and simple, but defending against them is increasingly costly and difficult.
After Russia’s withdrawal from Georgia in 2008, President Vladimir Putin led an effort to modernize the Russian military and incorporate cyber strategies. State-sanctioned cyberattacks have since been at the forefront of Russia’s warfare strategy.
The Russian Main Intelligence Directorate (GRU) typically orchestrates these attacks. They often involve using customized malware (malicious software) to target the hardware and software underpinning a target nation’s systems and infrastructure.
Among the latest attacks on Ukraine was a distributed denial of service (DDoS) attack.
According to Ukraine’s minister of digital transformation, Mykhailo Fedorov, several Ukrainian government and banking websites went offline as a result. DDoS attacks use bots to flood an online service, overwhelming it until it crashes, preventing access for legitimate users.
A destructive “data-wiping” software has also been found circulating on hundreds of computers in Ukraine, according to reports, with suspicion falling on Russia.
On February 15, Ukraine’s cyber police said citizens were receiving fake text messages claiming ATMs had gone offline (although this wasn’t confirmed). Many citizens scrambled to withdraw money, which caused panic and uncertainty.
In December 2015, the GRU targeted Ukraine’s industrial control systems networks with destructive malware. This caused power outages in the western Ivano-Frankivsk region. About 700,000 homes were left without power for about six hours.
This happened again in December 2016. Russia developed a custom malware called CrashOverride to target Ukraine’s power grid. An estimated one-fifth of Kiev’s total power capacity was cut for about an hour.
More recently, US officials charged six Russian GRU officers in 2020 for deploying the NotPetya ransomware. This ransomware affected computer networks worldwide, targeting hospitals and medical facilities in the United States, and costing more than US$1 billion in losses.
NotPetya was also used against Ukrainian government ministries, banks and energy companies, among other victims. The US Department of Justice called it “some of the world’s most destructive malware to date.”
Another Russia-sponsored attack that began as early as January 2021 targeted Microsoft Exchange servers. The attack provided hackers access to email accounts and associated networks all over the world, including in Ukraine, the US and Australia.
International cyber aid
Ukraine faces serious risks right now. A major cyberattack could disrupt essential services and further undermine national security and sovereignty.
The support of cyber-infrastructure has been recognized as an important aspect of international aid. Six European Union countries (Lithuania, Netherlands, Poland, Estonia, Romania and Croatia) are sending cyber security experts to help Ukraine deal with these threats.
Australia has also committed to providing cyber security assistance to the Ukrainian government, through a bilateral Cyber Policy Dialogue. This will allow for exchanges of cyber threat perceptions, policies and strategies. Australia has also said it will provide cyber security training for Ukrainian officials.
The international implications of the Russia-Ukraine situation have been noted. Last week New Zealand’s National Cyber Security Centre released a General Security Advisory encouraging organizations to prepare for cyberattacks as a flow-on effect of the crisis.
The advisory provides a list of resources for protection and strongly recommends that organizations assess their security preparedness against potential threats. The Australian Cyber Security Centre has since issued similar warnings.
Historically, Russia has managed to evade much of the responsibility for cyber attacks. In conventional warfare, attribution is usually straightforward. But in cyberspace, it is very complex and can be time-consuming and costly.
It’s easy for a country to deny its involvement in a cyberattack (both Russia and China routinely do so). The Russian embassy in Canberra has also denied involvement in the latest attacks against Ukraine.
One reason plausible deniability can usually be maintained is that cyberattacks can be launched from an unwitting host. For example, a victim’s compromised device (called a “zombie” device) can be used to continue a chain of attacks.
So while the operation may be run by the perpetrator’s command and control servers, tracing it back to them becomes difficult.