Russia has sent more than 100,000 soldiers to its border with Ukraine, threatening to launch an all-out war in Europe that may be the largest since World War II.

Although there hasn't been any shooting yet, electronic operations are already underway.

In mid-January, hackers disrupted access to several Ukrainian government websites, raising concerns about more serious cyber attacks that would disrupt the lives of ordinary Ukrainians (1).

Hackers targeting hospitals, power utilities and the financial system were rare until recently, but organized cybercriminals, many of whom live in Russia, have aggressively pursued institutions in the past two years using ransomware and data freezes that did not spare even hospital patients.

In some cases, these extortion attacks have resulted in the death of patients, according to litigation reports, media reports, and medical professionals (1).

It didn't stop there. In mid-January, hackers contaminated the websites of more than 70 government agencies, and installed malware that erased and destroyed data in at least two Ukrainian government agencies.

Although Russia insists on denying any connection to the attacks, preventive preparations in Europe are in full swing, and Western institutions are raising alert levels to counter cyber attacks (2).

So what exactly is happening?

Should we be concerned about the expansion of cyberwars?

Unlimited aggression

In 2014, Russia embarked on the first act of its military conquest of Ukraine when it occupied and annexed Crimea.

Since then, the European country has been the target of several high-level Russian cyber attacks.

The most famous of these attacks, in December 2015, cut off lights and electricity for 225,000 people in western Ukraine, after hackers sabotaged power distribution equipment, complicating attempts to restore electricity.

Dmitri Alperovitch, former executive director of cybersecurity at CrowdStrike, expects cyber attacks to intensify again if Russia tries to attack Ukraine again, but he expects the attacks to be disruptive rather than fatal.

But what really worries cyber security experts is that these attacks could expand to pose a threat to the entire world.

In this context, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned digital infrastructure operators of the risks of failing to take "urgent and short-term steps" against cyber threats, citing recent attacks against Ukraine as a reason to remain alert to potential threats against the United States.

The agency also noted two cyber attacks dating back to 2017, "NotPetya" and "WannaCry", which got out of control and quickly spread across the Internet, causing billions of dollars in losses worldwide.

Both attacks, disguised as ransomware, occurred in 2017, and the WannaCry attack, the most famous yet less virulent, infected 230,000 electronic devices in 70 countries around the world, including Britain's health services, Spain's energy and tourism services, the US Postal Service and others.

Commenting on this, John Hultquist, head of intelligence at cybersecurity firm Mandiant, says: “Aggressive cyber operations are tools that can be used before bullets and missiles are fired.”

It is precisely for this reason that it is a tool that can be used against the United States and its allies as the situation deteriorates further, especially if the United States and its allies take a more aggressive stance against Russia.

This seems increasingly possible.

President Joe Biden said during a January 19 press conference that the United States could respond to future Russian cyberattacks against Ukraine with its own cyber capabilities, raising the specter of a conflict spreading.

Even Arab countries will not be immune to this spread, which is probably what prompted the UAE to sign an agreement with Mandiant itself, to improve the response to cyber threats.

Bloodless war

The biggest problem with cyber attacks is that they are somewhat contagious.

Malicious code is available to everyone, is constantly being developed by different groups, and is reused in attacks of varying levels and for different reasons, which means that a Russian attack on Ukraine, for example, could inspire an Iranian attack on a Gulf country.

Unlike old wars, electronic warfare does not recognize borders and can easily get out of control.

For example, the 2017 “NotPetya” cyber attack that Moscow ordered was initially directed at Ukrainian private companies before spreading and destroying systems around the world.

Disguised as ransomware, NotPetya was a highly destructive and widespread piece of code.

Laptop screen showing part of a code, a component of the Petya computer virus malware according to representatives of the Ukrainian cybersecurity firm ISSP

Ultimately, NotPetya caused disruption at shipping ports, leaving many multinational giants and government agencies unable to operate.

Almost everyone who has done business with Ukraine has been affected because the Russians have secretly poisoned the software used by everyone who pays taxes or does business in the country.

The White House has concluded that the attack caused global damage of more than $10 billion, calling it "the most destructive and costly cyber attack in history."

Since 2017, there has been an ongoing debate about whether the international casualties were just unintended collateral damage, or whether the attack was aimed at all companies that do business with Russia's enemies. What no one disputes is that it was likely to happen again, which it did: last month's attack used malware known as WhisperGate.

As with its predecessor, WhisperGate masqueraded as ransomware while aiming to destroy key data in such a way that infected devices would be inoperable.

Experts say that WhisperGate is similar to NotPetya in how it destroys data, but it is less destructive and also less able to spread.

As usual, Moscow denied any connection to the attack (3).

But regardless of whether Russia admits responsibility, Hultquist predicts that we will witness cyber operations from the Russian Military Intelligence Agency (GRU), the organization behind many of the most aggressive hacks ever, inside and outside Ukraine.

The Russian agency operates the world's most famous hacking group, Sandworm, which is responsible for a long list of greatest hits, including the 2015 hack of Ukraine's power grid, the 2017 NotPetya hack, interference in the US and French elections, and the later hack of the Olympic opening ceremony.

The United States clearly monitors these Russian capabilities well (4), with US President Joe Biden recently stating that Russia has a "long history" of using measures other than overt military action to carry out aggression, from paramilitary tactics to cyberattacks.

"We have to be ready to respond decisively as well," Biden said, and it is clear that Washington has already begun preparing the response, at least on the defensive front.

On January 11, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert titled “Understanding and Mitigating Russian State-Sponsored Cyber Threats to Critical U.S. Infrastructure,” which addressed proposed guidelines for dealing with potential Russian cyber attacks on U.S. infrastructure.

And this is just the beginning.

Cyber war is inevitable, and unfortunately you are not isolated from it.

You may be sitting at home browsing Facebook and find that your salary has been withdrawn from the bank, or that the computer that holds all your work refuses to respond, or that the electricity has been cut in ten cities in your country, just because two forces thousands of kilometers away are fighting each other at that moment.

—————————————————————————————————————————————————————————————

Sources

  (1) No lights, no heat, no money – that's life in Ukraine during cyber warfare

  (2) Poland raises cybersecurity terror threat after Ukraine cyber attack

  (3) Technical Analysis of the WhisperGate Malicious Bootloader

  (4) Biden cranks up pressure as Putin mulls Ukraine invasion