OSIRIS Brief 1.24.0
Russia is hacking Ukraine; lots of people are hacking Russia back; there may be spillover.
Russian Hackers Attack Ukrainian Targets
Most observers expect the war in Ukraine to contain a substantial cybersecurity component. Despite the attention paid to the subject, shockingly little specific information about hacks has been made public. The first clear indication of cyberattacks came when Russian hackers attacked Ukrainian banks just before invading the country. We now have two additional specific and public examples of Russian hacking in Ukraine.
First, on January 15th Microsoft detected new fake ransomware, which it has dubbed WhisperGate. WhisperGate masquerades as ransomware, even displaying false requests for ransom, but deletes the files it claims to have encrypted. WhisperGate is like NotPetya, which also feigned being ransomware but deleted files.
As the invasion began, ESET announced it had discovered another wiper, which it has dubbed “HermeticWiper.” At least one other variant of HermeticWiper has been found in the wild, implying that hackers continue to update their toolkit. The FBI and CISA have issued a joint warning about HermeticWiper and WhisperGate. So far the bulk of victims of HermeticWiper and WhisperGate have been inside Ukraine.
Limited Spillover from Ukraine So Far
So far, public spillover from the Russo-Ukrainian War has been minimal, but we already have two speculated examples. British Airways had to cancel half a day’s worth of flights because of technological difficulties, but there is no indication cyberattacks were responsible. A cyberattack on Toyota halted production in several factories, but we still have no public attribution of who was responsible for the attacks. In neither instance is there a reason to believe the attacks were accidental spillover.
We should be grateful for the limited spillover so far. Nearly every cyberwatcher, including this newsletter, has warned that war in Ukraine increases cyberthreats. It is possible Russian hackers are simply better at being selective than they have been in the past. Hopefully, we are also witnessing better cybersecurity preventing spillover. It is too soon to tell if selective offense or competent defense better explains the comparatively quiet cyberfront.
Open Season on Russian Online Targets
Hackers have taken to the internet to prosecute Ukraine’s cause online. The “Anonymous” hacker collective has gone so far as to declare war on Russian forces. Other vigilante hackers are prosecuting a war against Russian targets online without known support from any organization. Pro-Ukraine hackers join pro-Russian hackers competing in cyberspace. Although it seems Ukraine is generally more favorably viewed globally, it remains to be seen if such positive views will benefit Ukraine.
Increasingly, non-state actors are important in interstate competition. Self-declared cyberwarriors certainly harm individuals’ interests and may harm war prosecution. Cybersecurity businesses are vital elements of cybersecurity, and, as noted above, disclosed Russian online operations against Ukraine. Actors outside belligerent governments’ control may add to a state’s power, but also complicate already complicated calculations.
Noteworthy
Potential cybersecurity impacts of Russia’s invasion of Ukraine by Ruiz
Are You Prepared for Russian Cyberwarfare Attacks? by Laufer
Common Types of Malware by Fox
The Urgency To Cyber-Secure Space Assets by Brooks
Balancing Security Requirements and User Experience in the Future of Work by Steel
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.