Ukraine conflict’s impact on cyber landscape and potential threats

The Ukraine conflict has influenced the cyber landscape and polarised the world of hackers and cyber professionals (Credits: Sebastiaan ter Burg, CC BY-SA 2.0, via Wikimedia Commons)

Geopolitical Report ISSN 2785-2598 Volume 19 Issue 6
Author: Giuliano Bifolchi

Recent cyber-attacks against Italian government websites highlighted the Ukraine conflict’s impact on the cyber landscape and possible future threats to Europe and Russia’s public institutions and private businesses.

Since the beginning of the conflict, both Russia and Ukraine have conducted cyber operations and attacks against their opponents to neutralise their official websites, collect valuable information and spread their messages. After the beginning of the Russian military operation in Ukraine, the famous hacker collective Anonymous started fighting against the Russian Federation to support the Ukrainian side and push the Kremlin to stop the conflict.

In the last few days, Anonymous and the Ukrainian IT Army have continued to attack Russian organisations. According to Anonymous’s Twitter account, since the beginning of the conflict and the linked “cyberwar”, the collective has published about 5,8 TB of Russian data.[1] Recently, Anonymous and the Ukrainian IT Army have attempted to affect the distribution of alcohol in the Russian Federation,[2] negatively influencing the system of fast payments of Sberbank, VTB, Tinkoff Bank and Promsvyazbank and compromising the normal functions of the Russian videogames platform RuTube.[3]

On the other side, the Russian IT Army and hacker collectives such as Killnet have attacked Ukrainian and European organisations and official websites, threatening to shut down ventilators in UK hospitals.[4] Indeed, on May 10th, 2022, the head of the UK Government Communications Center, Jeremy Fleming, said that Russian hackers are involved in attacks against Western countries that support Ukraine. Although the expected full-blown cyberwar between Russia and Ukraine has yet to erupt, Fleming said there is still a “fair amount” of conflict-related activity in cyberspace.[5] On the same day, the United States and the European Union also formally blamed Russia for a series of devastating data-erasing malware infections on Ukrainian government and private sector networks and said they would “take steps” to defend against and respond to Kremlin-sponsored attacks.[6]

On May 11th, 2022, according to local and international sources, the pro-Russian hacker collective Killnet published on its Telegram channel a series of Internet addresses that had allegedly been violated, with the indication “Attack against Italy”. The list of websites included the Senate, the Defence Minister, the High School of Lucca, the Istituto Superiore di Sanità (High Health Institute), Compass Bank, Infomedix and ACI (Italian Automobile Club). According to the official report, the cyberattack did not compromise the infrastructures but only complicated access to various sites.[7]

Ukraine conflict, cyber security and possible future scenarios

It is hard to predict how the Ukraine conflict will influence the future of cyber security and the cyber landscape, although, after more than two months of fighting, Russia, Ukraine and all of Europe have witnessed a significant increase in cyber attacks. Indeed, both Russia and European countries have tried to boost their cyber security by creating special task forces and attracting more specialists to their portfolios of experts.

In this context, Russia might increase the use of technology to support its doctrine abroad and defend the country from external attacks. This scenario assumes that Russian messages will become more directed and divisive to an external (international) audience. To do this, Russia can double the number of media and social media posts and increase its cyber capabilities to create alternative news that will circulate primarily on social media. Russia should also increase its cyber security and study how hackers might impact official websites and Russian citizens to guarantee higher protection and security. Indeed, according to Kaspersky Lab, in 2021-2022, hackers targeted Russian citizens by using mobile Trojans in hidden subscriptions to paid services. According to the company, most users who encountered such malware were in Russia (27.32%). Among the Trojans that have become widespread in Russia, experts note, in particular, MobOk, GriftHorse.l and GriftHorse.ae.

As noted before, the Ukraine conflict has polarised the world of hackers and cyber security specialists, creating a separation of cybercriminal platforms and forums previously focused on obtaining financial gain. Until now, most cybercriminal forums have pursued exclusively material gain and have stayed out of politics, but everything can change in connection with the conflict between Russia and Ukraine, as several cyber security companies have stressed in recent months. Cybercriminal forums will begin to grow, split or form much faster, which will lead to the formation of new groupings that reflect specific political or social interests. Financially oriented sites will still exist, but new ones advocating a particular point of view will join them.

The uncertainty caused by hacker attacks impacts governments’ strategies and decisions, pushing Russia, Europe and the United States to invest copious funds to increase their cyber capabilities.

Looking at the Russian situation related to cyber security, in April 2022, the Russian authorities decided to expand the financing of the Information Technology industry, increasing the volume of tenders by 12%, reaching 34 billion rubles (around 487 million euros). A significant part of the investment flows will be directed to creating domestic solutions in the field of cybersecurity. Representatives of the Ministry of Internal Affairs have already announced their readiness to allocate 1.8 billion rubles (around 25 million euros) to develop infrastructure for information systems that control migration processes.[8] The authorities noted that the Russian defence systems were not ready for cyber attacks that hit the Russian sector after the imposition of sanctions. Since March 2022, Russian companies cannot use foreign software apart from those approved by the Ministry of Digital Development.[9] This condition has influenced Russian tech companies to find alternative domestic solutions or create new products quickly.

In the international arena, tech companies should adapt quickly to the latest developments in the cyber landscape generated by the Ukraine conflict and the ongoing cyberwar between Russia, Ukraine, Europe, the United States and independent hacker collectives. The use of social media and other cyber and technology tools in the Russian-Ukrainian conflict will encourage tech companies to explore and change how their devices are used, managed and perceived by developers and users. This conflict is another example of how technology tools can be helpful or harmful in stressful situations. In recent months, technology, particularly social media, has come under fire for its role in spreading disinformation, deliberately amplifying conflict-prone rhetoric, and having a detrimental effect on young people.

Conclusion

The hacker attack against Italian infrastructures, like the other attacks registered against Russia, Ukraine and European institutions, has stressed the delicate situation we are experiencing related to cyber security and operations and their impact on domestic politics and foreign strategies. The Ukraine conflict has polarised the cyber landscape and divided pro-Kyiv and pro-Kremlin hackers who are currently fighting on these two sides.[10] In our monitoring report, we also stressed that in the digital age, geopolitics deals with telecommunication networks, submarine cables, hubs and landing points through which internet traffic passes. Therefore, the possible manipulation of voters through social networks and big data and cyber-attacks on critical infrastructures may be able to bring an entire country to its knees. These scenarios can shift the centre of gravity of the spheres of influence and, as expected, much business.[11]

In conclusion, it is possible to state that the current threats coming from cyberspace increase the level of geopolitical risk and push governments and big companies to invest money and human resources to elevate their cyber security and counter potential attacks capable of influencing their work and reputation.

Sources

[1] Ukrainskiye Natsional’niye Novosti (2022) С начала “кибервойны” Anonymous опубликовали около 5,8 ТБ российских данных (Since the beginning of the “cyber war”, Anonymous has published about 5,8 TB of Russian data). Link: https://www.unn.com.ua/ru/news/1973372-vid-pochatku-kiberviyni-anonymous-opublikuvali-blizko-5-8-tb-rosiyskikh-danikh.

[2] Mariya Nefedyodova (2022) DDoS-атаки на систему ЕГАИС усложнили работу производителей и дистрибуторов алкоголя (DDoS attacks on the EGAIS system have complicated the work of alcohol producers and distributors), Haker.ru. Link: https://xakep.ru/2022/05/05/egais-ddos/.

[3] Bank Rossiya (2022) Информация о замедлении обработки некоторых операций в СБП (Information about the slowdown in the processing of certain operations in the SBP). Link: https://www.cbr.ru/press/event/?id=12734; Securitylab (2022) Российский видеохостинг Rutube подвергся мощной кибератаке (Russian video hosting Rutube was subjected to a powerful cyber attack). Link: https://www.securitylab.ru/news/531533.php.

[4] The Daily Mail (2022) Sinister Russian hacking group threatens to shut down hospital ventilators in Britain after ‘officers arrested hacker for helping to cripple Romanian government websites’. Link: https://www.dailymail.co.uk/news/article-10787595/Sinister-Russian-hacking-group-threatens-shut-hospital-ventilators-Britain.html.

[5] Dan Sabbagh (2022) Russian hackers targeting opponents of Ukraine invasion, warns GCHQ chief, The Guardian. Link: https://www.theguardian.com/technology/2022/may/10/russian-hackers-targeting-opponents-of-ukraine-invasion-warns-gchq-chief.

[6] Carly Page (2022) US, UK and EU blame Russia for ‘unacceptable’ Viasat cyberattack, TechCrunch. Link: https://techcrunch.com/2022/05/10/russia-viasat-cyberattack/.

[7] Rai News (2022) Ripristinati i siti dopo l’attacco rivendicato dal gruppo russo Killnet (Websites restored after the attack claimed by the Russian group Killnet). Link: https://www.rainews.it/articoli/2022/05/attacco-hacker-ai-siti-di-senato-e-difesa-rivendicato-dal-gruppo-russo-killnet-e8495f90-7a5f-44bb-8512-bb63c4b39e5d.html.

[8] Infobezopasnost (2022) Правительство РФ увеличило объёмы инвестиций в закупку IT-оборудования (The Government of the Russian Federation increased the volume of investments in the purchase of IT equipment). Link: https://infobezopasnost.ru/blog/news/pravitelstvo-rf-uvelichilo-obyomy-investitsij-v-zakupku-it-oborudovaniya/.

[9] Maria Shustrova (2022) Иностранное ПО убрали из госзаказа (Foreign software removed from government order), Gazeta.ru. Link: https://www.gazeta.ru/tech/2022/03/30/14683387.shtml.

[10] Giuliano Bifolchi (2022) Ukraine conflict and cybercriminals, SpecialEurasia. Link: https://www.specialeurasia.com/2022/03/21/ukraine-conflict-cybercriminals/.

[11] Giuliano Bifolchi (2022) Ukraine conflict: cyber warfare and geopolitical risk, SpecialEurasia. Link: https://www.specialeurasia.com/2022/02/26/ukraine-russia-cyber-warfare/.