No Such Thing as a "Surgical" Cyberattack | Russia/Ukraine CyberDigest #3

On June 27, 2017, far from the current conflict in Ukraine, a ransomware attack dropped in the country. A malware named NotPetya targeted 80 companies throughout the nation, including the National Bank of Ukraine.

By the time experts were wrapping their heads around what had happened, the attack had spread. In the end, it went global, with total losses calculated at over $10 billion. FedEx estimated losses of $400M.

Like drone strikes in physical warfare, cyber warfare cannot contain damages to a specific area. Even worse: due to the nature of supply-chain attacks, the reach of a "surgical" attack turns global.

Given the growing scale of the current conflict on the Russian-Ukrainian border, this war is already happening on a global theater without mobilizing more than two armies.

The first official "spillover."

On February 24, Visasat reported that over 9,000 satellite internet subscribers went dark due to a cyberattack on Ukraine. Ukrainians were among the affected customers, and French, Germans, Italians, etc.

How does that affect cyber warfare?

For one, the unpredictability of such attacks and not knowing where they can spill over means they can trigger hostilities against nations outside the conflict. Being so, Russia can't risk open cyber warfare against Ukraine. Again, so such thing as a "surgical" cyberattack.

No Patch Tuesdays for Russia?

How about this cyber guerrilla tactic? If you think that cybersecurity relies heavily on updated platforms and software, maybe we should cut Russia's security patches? That would definitely be helpful during the Log4j days.

Russian hackers have gone Phishing (more than usual)

Needless to say, Phishing is the most effective tactic to start a ransomware attack. And in a conflict where cyberattacks take center stage, it is no surprise that phishing emails are rising.

Check Point reports that phishing emails in the East Slavic language saw a 7-fold increase in the last 5 weeks. If you look only at the previous week, you'll see how cyber warfare has definitely entered the conflict.

Consequently, Ukraine's Computer Emergency Response Team (CERT-UA) is issuing warnings about phishing attacks aimed at Ukrainian citizens to capture sensitive information. Although the attacks come from Indian IPs, the CERT-UA reports that the hijacked email accounts are used by Russian agents to carry out cyberattacks.

In the social media trenches, the fight against misinformation and the battle for access to information.

Although one of the primary Russian weapons in cyberspace is disinformation (one that's having less and less success against journalists, citizens, and fact-checkers), its government is fighting hard to contain how information spreads around the country.

In the last few days, Russian authorities announced a block on Facebook. Twitter is reporting its service is only "partially accessible" in the country.

Putin passed the fake news law to boost the internal pressure, which punishes people with fines or up to 15 years behind bars for spreading "false information" about Russia's military or for publicly calling for sanctions on Russia.

TikTok was the first to respond, blocking its service in Russia to assess the new law's implications.

And other social media giants are working hard to block pro-Russia outlets from spreading false information on their pages. Facebook is blocking fake personas and news websites passing as "independent news sources.".

---

As usual, there are many more stories and reports to tell here. If you want to check out the previous digests, here's #1 and #2. If you wish to contribute, leave a comment here or send a message to our page.