Thursday, March 03, 2022

Why Russia Hasn't Launched Major Cyber Attacks Since the Invasion of Ukraine

Josephine Wolff
TIME
Wed, March 2, 2022

In this photo illustration, a warning message in Ukrainian, Russian and Polish languages is displayed on a smartphone screen. Hackers carried out attacks on several Ukraine's government websites, including the Ministry of Foreign Affairs, the Ministry of Education and Science, the State Service for Emergency Situation and others, reportedly by local media. This attack, on Ukrainian government web resources is the largest in the last four years. 
Credit - Photo Illustration by Pavlo Gonchar-SOPA Images/LightRocket

In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption. In the months that followed the NotPetya attacks, many people speculated that Ukraine served as a sort of “testing ground” for Russia’s cyberwar capabilities and that those capabilities were only growing in their sophistication and reach.

As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components—the United States Department of Homeland Security even issued a warning to businesses to be on high alert for Russian cyberattacks, as did the U.K.’s National Cyber Security Centre. What is surprising is that—so far, at least—the devastating Russian cyberattacks everyone has been expecting have yet to materialize. There’s no guarantee, of course, that a large-scale cyberattack on Ukraine’s electrical grid or global banks or anything else isn’t just around the corner. Russia has proven time and again that it has few compunctions about targeting critical infrastructure and causing considerable collateral damage through acts of cyber aggression.

But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks, in which hackers bombard Ukrainian government websites and servers with so much online traffic that those servers cannot respond to legitimate users and are forced offline for some period of time. Denial-of-service attacks can be effective for short-term disruptions but they’re hardly a new or impressive cyber capability—in fact, they’re what Russia used to target Estonia more than a decade ago in 2007. Moreover, launching these types of attacks requires no sophisticated technical capabilities or discovery of new vulnerabilities, and they typically have fairly contained impacts on the specific, targeted computers. Similarly, recent reports that Belarusian hackers are trying to phish European officials using compromised accounts belonging to Ukrainian armed services members suggests that not only are these efforts relying on fairly basic tactics like phishing emails, they are not even being carried out by Russian military hackers directly.

Read More: The World Is Watching Russia Invade Ukraine. But Russian Media Is Telling a Different Story

Somewhat more worryingly, Russia has also used wiper malware to delete data held by Ukrainian government agencies and Microsoft has also reportedly detected wiper programs attributed to Russia in recent weeks and shared that information with the U.S. government as well as other countries concerned about Russian cyberattacks. NotPetya was a form of wiper malware and its ability to delete data caused massive damage, so the discovery of new Russian wipers is certainly cause for concern. But unlike NotPetya, the wiper programs that have been the focus of the latest wave of alerts—including the FoxBlade program identified by Microsoft—have shown little ability to spread quickly via common, difficult-to-patch vulnerabilities like the EternalBlue vulnerability in Microsoft Windows that NotPetya exploited back in 2017.

It’s likely that the combined efforts of Microsoft, the U.S., and many other countries and companies to ramp up cyber defenses both in and outside of Ukraine has undoubtedly helped curb the damage caused by these efforts. But if Russia really had on hand a stockpile of previously undetected vulnerabilities and sophisticated malware designed to exploit them, these lines of defense simply would not be enough to prevent some significant damage and disruption. Updating critical infrastructure networks and systems is slow, expensive, complicated work and it’s impossible that every potential target has been hardened to the point where it is no longer vulnerable to Russian cyberattacks—unless those cyberattacks were never all that impressive to begin with.

Moreover, many of the early theories for why Russia might have voluntarily abstained from more serious cyberattacks look increasingly implausible as the conflict continues for an extended period. For instance, one explanation for why Russia left Ukrainian electricity distribution and communication networks intact was that Putin wanted the rest of the world to see Russia’s swift, decisive victory in Ukraine via a steady stream of images and videos that might have been hampered by such an attack. But as it becomes increasingly clear that no swift, decisive victory is forthcoming, it makes less sense that Russia would continue to leave that infrastructure untouched unless they were truly unable to take it out. This interpretation seems further supported by the Russian decision to strike a TV tower in Kyiv, rather than trying to disrupt media and communications systems more effectively and less violently via cyber capabilities.

Read More: Ukraine’s Secret Weapon Against Russia: Turkish Drones

Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations—whether because they no longer have the resources they once did to purchase and develop tools for computer intrusion and exploitation, or because the government can no longer attract and retain technical talent, or simply because Russia has decided that cyberattacks, for all the damage they can do, are not an effective means of achieving its larger goals in Ukraine.

Of course, even if Russia has no particularly sophisticated cyber weapons to fall back on right now, that doesn’t mean they won’t go on to develop some new ones in the future. But the current lack of any significant cyber conflict is an important reminder of how little we actually know about any country’s cyber capabilities. Many of our beliefs about which countries have the most impressive hacking tools and Russia’s cyber dominance are based on incidents several years in the past—and an awful lot can change in just a few years.

Ukrainian cyber resistance group targets Russian power grid, railways


Tue, March 1, 2022, 
By Joel Schectman, Christopher Bing and James Pearson

WASHINGTON (Reuters) -A Ukrainian cyber guerrilla warfare group plans to launch digital sabotage attacks against critical Russian infrastructure such as railways and the electricity grid, to strike back at Moscow over its invasion, a hacker team coordinator told Reuters.

Officials from Ukraine's defense ministry last week approached Ukrainian businessman and local cybersecurity expert Yegor Aushev to help organize a unit of hackers to defend against Russia, Reuters previously reported.

On Monday, Aushev said he planned to organize hacking attacks that would disrupt any infrastructure that helps bring Russian troops and weapons to his country.

"Everything that might stop war," he told Reuters. "The goal is to make it impossible to bring these weapons to our country."

Aushev said his group has already downed or defaced dozens of Russian government and banking websites, sometimes replacing content with violent images from the war. He declined to provide specific examples, saying it would make tracking his group easier for the Russians.

Russia calls its actions in Ukraine a "special operation" that it says is not designed to occupy territory but to destroy its southern neighbor's military capabilities and capture what it regards as dangerous nationalists.

A Ukrainian defense attache in Washington declined to comment on Aushev's group or its relationship with the defense ministry. Aushev said his group has so far grown to more than 1,000 Ukrainian and foreign volunteers.

The group has already coordinated with a foreign hacktivist organization that carried out an attack on a railway system.

After word spread of the formation of Aushev's team, the Belarusian Cyber Partisans, a Belarus-focused hacking team, volunteered to attack Belarusian Railways because they said it was used to transport Russian soldiers.

The Cyber Partisans disabled the railway's traffic systems and brought down its ticketing website, Bloomberg News reported on Sunday.

On Monday, a Cyber Partisans spokeswoman told Reuters the group carried out those attacks and confirmed her organization was now working with Aushev's group.

The spokeswoman said because her group had brought down the reservation system, passengers could only travel by purchasing paper tickets in person. She sent Reuters a photo of a paper, handwritten ticket issued on Monday.

"We fully side with Ukrainians," she said. "They are now fighting for not only their own freedom but ours too. Without an independent Ukraine, Belarus doesn’t stand a chance."

Reuters could not confirm attacks against the Belarus railway's traffic system. The company's reservation website was down on Tuesday afternoon. A railway spokesperson did not respond to a request for comment.

Officials at the Russian embassy in Washington did not immediately respond to a request for comment.

Russian foreign ministry spokeswoman Maria Zakharova told a Russian news outlet on Tuesday that Russian embassies were under cyberattack by "cyber terrorists from Ukraine."

Beyond striking back at Moscow, Aushev said his team would help Ukraine's military hunt down undercover Russian units invading cities and towns.

He said his group had discovered a way to use cellphone tracking technology to identify and locate undercover Russian military units moving through the country, but declined to provide details.

Russian troops are reportedly using commercial cell phones in Ukraine to communicate, multiple media outlets reported.

Over the last week, numerous Russian government websites have been publicly interrupted by reported distributed denial of service (DDoS) style attacks, including one for the office of President Vladimir Putin.

(Reporting by Joel Schectman and Christopher Bing from Washington, and James Pearson from LondonEditing by Kieran Murray and David Gregorio)

No comments:

Post a Comment