As Ukrainian cities come under air attack from Russian forces, the country has also suffered the latest blows in an ongoing campaign of cyberattacks. Several of Ukraine’s bank and government department websites crashed on Wednesday, the BBC reports.
The incident follows a similar attack just over a week ago, in which some 70 Ukrainian government websites crashed. Ukraine and the US squarely blamed Russia.
With a full-scale invasion now evident, Ukraine can expect to contend soon with more cyberattacks. These have the potential to cripple infrastructure, affecting water, electricity and telecommunications services – further debilitating Ukraine as it attempts to contend with Russian military aggression.
Cyberattacks fall under the traditional attack categories of sabotage, espionage and subversion. They can be carried out more rapidly than standard weapon attacks, and largely remove barriers of time and distance. Launching them is relatively cheap and simple, but defending against them is increasingly costly and difficult.
After Russia’s withdrawal from Georgia in 2008, President Vladimir Putin led an effort to modernise the Russian military and incorporate cyber strategies. State-sanctioned cyberattacks have since been at the forefront of Russia’s warfare strategy.
The Russian Main Intelligence Directorate (GRU) typically orchestrates these attacks. They often involve using customised malware (malicious software) to target the hardware and software underpinning a target nation’s systems and infrastructure.
DDoS
Among the latest attacks on Ukraine was a distributed denial of service (DDoS) attack.
According to Ukraine’s minister of digital transformation, Mykhailo Fedorov, several Ukrainian government and banking websites went offline as a result. DDoS attacks use bots to flood an online service, overwhelming it until it crashes, preventing access for legitimate users.
Destructive “data-wiping” software has also been found circulating on hundreds of computers in Ukraine, according to reports, with suspicion falling on Russia.
On 15 February, Ukraine’s cyber police said citizens were receiving fake text messages claiming ATMs had gone offline (although this wasn’t confirmed). Many citizens scrambled to withdraw money, which caused panic and uncertainty.
In December 2015, the GRU targeted Ukraine’s industrial control systems networks with destructive malware. This caused power outages in the western Ivano-Frankivsk region. About 700 000 homes were left without power for about six hours.
This happened again in December 2016. Russia developed custom malware called CrashOverride to target Ukraine’s power grid. An estimated one-fifth of Kiev’s total power capacity was cut for about an hour.
More recently, US officials charged six Russian GRU officers in 2020 for deploying the NotPetya ransomware. This ransomware affected computer networks worldwide, targeting hospitals and medical facilities in the US, and costing more than US$1-billion in losses.
NotPetya was also used against Ukrainian government ministries, banks and energy companies, among other victims. The US department of justice called it “some of the world’s most destructive malware to date”.
Another Russia-sponsored attack that began as early as January 2021 targeted Microsoft Exchange servers. The attack provided hackers access to e-mail accounts and associated networks all over the world, including in Ukraine, the US and Australia.
Ukraine faces serious risks right now. A major cyberattack could disrupt essential services and further undermine national security and sovereignty.
The support of cyber infrastructure has been recognised as an important aspect of international aid. Six European Union countries (Lithuania, Netherlands, Poland, Estonia, Romania and Croatia) are sending cybersecurity experts to help Ukraine deal with these threats.
Australia has also committed to providing cybersecurity assistance to the Ukrainian government, through a bilateral Cyber Policy Dialogue. This will allow for exchanges of cyber-threat perceptions, policies and strategies. Australia has also said it will provide cybersecurity training for Ukrainian officials.
Historically, Russia has managed to evade much of the responsibility for cyberattacks. In conventional warfare, attribution is usually straightforward. But in cyberspace it is very complex, and can be time-consuming and costly.
It’s easy for a country to deny its involvement in a cyberattack (both Russia and China routinely do so). One reason plausible deniability can usually be maintained is that cyberattacks can be launched from an unwitting host. For example, a victim’s compromised device (called a “zombie” device) can be used to continue a chain of attacks.
So, while the operation may be run by the perpetrator’s command-and-control servers, tracing it back to them becomes difficult.
- Mamoun Alazab is associate professor, Charles Darwin University
- This article is republished from The Conversation under a Creative Commons licence