Ukraine–Russia Cyberconflict
Context:
- Cyberattacks are not new to Ukraine. They have been part and parcel of its conflict with Russia from the first crisis in 2017, with the ebb and flow of such attacks in sync with escalation in the border conflict.
- The current crisis has been no different, with its onset marked by an escalation in the intensity of these attacks.
Background:
- The first ransomware attacks, using a hitherto unknown malware, WhisperGate, were reported on 14 January 2022, and the attacks have continued ever since, with the most recent having taken the websites of the Ministry of Defence and two banks offline.
- Australia, along with the United Kingdom and the United States, publicly attributed these attacks to the Russian Main Intelligence Directorate (GRU).
- For its part, Russia has consistently denied that any cyberattacks have emanated from its territory.
- The first reports of cyberattacks in Ukraine appeared on 14 January; these took the form of website defacements of government agencies and the destruction of data using wiper software.
- Called WhisperGate by Microsoft researchers, the malware bore resemblance to the NotPetya malware used in the 2017 cyberattacks on Ukraine, but “with added functionalities”.
- These additional functionalities were added to overcome any new protections that had been built into systems following the earlier attacks.
- According to Cisco security researchers, the attackers were advanced persistent threat (APT) actors, probably present in these systems for months or years, having gained access with credentials obtained through spear-phishing.
- Like the NotPetya malware, WhisperGate also masquerades as ransomware, with a fake ransom note warning that the user’s hard drive had been corrupted and would be restored only on payment of US$10,000 via bitcoin.
Cyber Threat to The West:
- With the US and European countries threatening sanctions against Russia, there is a justified concern that these attacks would be directed against those countries as well.
- Many countries, including Poland, Lithuania, the UK, and the US, have issued advisories.
- A detailed advisory jointly brought out by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) on 11 January set out the steps various organisations could take to heighten their security posture and protect their critical assets.
- In subsequent advisories, organisations were also urged to lower their thresholds for reporting suspicious cyber activity to government agencies.
Way Forward:
- The fact of the matter is that while countries publicly profess the goal of a stable cyberspace, there is frenetic activity going on behind the scenes to ramp up offensive capabilities, the severity of which can be adjusted according to need.
- The fact that the issue of cyberattacks continues to be in a grey zone from the perspectives of the perpetrator, the victim, and the bystander emboldens the former to continue with these attacks unabated.
- The sooner one faces up to the changing realities and adjusts policies and capabilities accordingly, the better it would be.
Source: The Hindu