Thu Feb 24

Russia is using an onslaught of cyber attacks to undermine Ukraine's defence capabilities

Written by: Mamoun Alazab, Associate Professor, Charles Darwin University

As Ukrainian cities come under air attack from Russian forces, the country has also suffered the latest blows in an ongoing campaign of cyber attacks. Several of Ukraine’s bank and government department websites crashed on Wednesday, the BBC ^[1] reports.

The incident follows a similar attack just over a week ago ^[2], in which some 70 Ukrainian government websites crashed. Ukraine and the United States squarely blamed Russia.

With a full-scale invasion now evident ^[3], Ukraine can expect to contend soon with more cyber attacks. These have the potential to cripple infrastructure, affecting water, electricity and telecommunication services – further debilitating Ukraine as it attempts to contend with Russian military aggression.

A critical part of Russia’s operations

Cyber attacks fall under the traditional attack categories of sabotage, espionage and subversion.

They can be carried out more rapidly than standard weapon attacks, and largely remove barriers of time and distance. Launching them is relatively cheap and simple, but defending against them is increasingly costly and difficult.

After Russia’s withdrawal from Georgia in 2008, President Vladimir Putin led an effort to modernise the Russian military ^[4] and incorporate cyber strategies. State-sanctioned cyber attacks have since been at the forefront of Russia’s warfare strategy.

The Russian Main Intelligence Directorate (GRU) typically orchestrates these attacks. They often involve using customised malware (malicious software) to target the hardware and software underpinning a target nation’s systems and infrastructure.

Among the latest attacks ^[5] on Ukraine was a distributed denial of service (DDoS) attack.

According to Ukraine’s minister of digital transformation, Mykhailo Fedorov, several Ukrainian government and banking websites went offline as a result. DDoS attacks use bots to flood an online service, overwhelming it until it crashes, preventing access for legitimate users.

A destructive “data-wiping” software has also been found circulating on hundreds of computers in Ukraine, according to reports ^[6], with suspicion falling on Russia.

On February 15, Ukraine’s cyber police said citizens were receiving fake text messages claiming ATMs had gone offline (although this wasn’t confirmed). Many citizens scrambled to withdraw money, which caused panic ^[7] and uncertainty.

Ongoing onslaught

In December 2015, the GRU targeted Ukraine’s industrial control systems networks with destructive malware. This caused power outages in the western Ivano-Frankivsk region. About 700,000 homes were left without power for about six hours.

This happened again in December 2016. Russia developed a custom malware called CrashOverride ^[9] to target Ukraine’s power grid. An estimated one-fifth of Kiev’s total power capacity was cut ^[10] for about an hour.

More recently, US officials charged six Russian GRU officers ^[11] in 2020 for deploying the NotPetya ransomware. This ransomware affected computer networks worldwide, targeting hospitals and medical facilities in the United States, and costing more than US$1 billion in losses.

NotPetya was also used against Ukrainian government ministries, banks and energy companies, among other victims. The US Department of Justice called it “some of the world’s most destructive malware to date”.

Another Russia-sponsored attack ^[12] that began as early as January 2021 targeted Microsoft Exchange servers. The attack provided hackers access to email accounts and associated networks all over the world, including in Ukraine, the US and Australia.

Russia’s 2008 invasion of Georgia was accompanied by a well-coordinated cyber attack run by state-sponsored hackers. These were primarily DDoS attacks that forced a number of Georgian government and commercial websites offline. Getty Images

International cyber aid

Ukraine faces serious risks right now. A major cyber attack could disrupt essential services and further undermine national security and sovereignty.

The support of cyber infrastructure has been recognised as an important aspect of international aid. Six European Union countries ^[13] (Lithuania, Netherlands, Poland, Estonia, Romania and Croatia) are sending cyber security experts to help Ukraine deal with these threats.

Australia has also committed to providing cyber security assistance to the Ukrainian government, through a bilateral Cyber Policy Dialogue. This will allow for exchanges of cyber threat perceptions, policies and strategies. Australia has also said it will provide cyber security training ^[14] for Ukrainian officials.

The international implications of the Russia-Ukraine situation have been noted. Last week New Zealand’s National Cyber Security Centre released a General Security Advisory ^[15] encouraging organisations to prepare for cyber attacks as a flow-on effect of the crisis.

The advisory provides a list of resources for protection and strongly recommends that organisations assess their security preparedness against potential threats.

The Australian Cyber Security Centre has since issued similar warnings ^[16].

Evading responsibility

Historically, Russia has managed to evade much of the responsibility for cyber attacks. In conventional warfare, attribution is usually straightforward. But in cyberspace it is very complex, and can be time-consuming and costly.

It’s easy for a country to deny its involvement in a cyber attack (both Russia and China routinely do so). The Russian embassy in Canberra has also denied involvement ^[17] in the latest attacks against Ukraine.

One reason plausible deniability can usually be maintained is because cyber attacks can be launched from an unwitting host. For example, a victim’s compromised device (called a “zombie” device) can be used to continue a chain of attacks.

So while the operation may be run by the perpetrator’s command and control servers, tracing it back to them becomes difficult.