For better or worse, war stimulates innovation. From Archimedes’ defense of Syracuse to the Manhattan Project’s atomic bomb to Alan Turing’s code-breaking “bombe” at Bletchley Park, war has spurred invention. Two years into the conflict, we can say the same about the war between Russia and Ukraine. “A living laboratory”, Ukraine exploits and develops information technologies to stand up to the Russian army, even though it is outnumbered and outgunned.
With the help of the United States and its European allies, Ukraine managed to slow and repel the Russian invasion. While the headlines talk about the West supplying tanks and artillery, behind the scenes, Ukrainian forces are turning their attention to advances in software, particularly in cybersecurity and artificial intelligence.
Since the start of the conflict, Russia has engaged in a series of high-profile cyberattacks, employing various tactics to support conventional warfare efforts:
- Destructive attacks aimed at damaging systems or permanently deleting data.
- Disruptive attacks that slow down services, including distributed denial of service (DDoS) attacks.
- Data theft that exfiltrates strategic data for espionage, surveillance and intelligence purposes.
- Disinformation operations aimed at spreading propaganda, false information and psychological operations.
From the start of hostilities, these types of attacks were widespread: Russia attacked the communications systems of the Kiev Post Office and the KA-SAT satellite network. The Russians also launched data-wiping worm attacks on Ukrainian government websites and cyberattacks targeting border control in order to hinder the flight of refugees. These were followed by attacks on Ukraine’s digital infrastructure, blocking access to financial services and energy providers.
Ukraine responded by strengthening cybersecurity measures, establishing partnerships with international allies, and recruiting cybersecurity experts. This preparation helped Ukraine repel most Russian attacks, retaliate and embarrass Putin’s regime by hacking railways and financial institutions. Ukraine also exploits low-cost, homemade technology, eliminating Russian assets using commercially available drones.
As the war dragged on, cyber operations became more sophisticated. The Russians continue to disrupt and spread misinformation, but they also engage in more serious activities, hacking security cameras to spy on troop movements and disrupting energy and telecommunications networks. The worst attacks took place in May-December 2023, directed against the Ukrainian mobile operator Kyivstar. The Security Service of Ukraine (SBU) reported that Russia had been present within the telecommunications giant for months and had destroyed its “core”, with serious consequences for mobile and data services.
The spillover
The CyberPeace Institute reported that attacks linked to the Russian-Ukrainian conflict have affected nearly 50 other countries. For example, the Vatican website suffered a DDoS attack after Pope Francis condemned Russia for invading Ukraine.
Other incidents caused “collateral damage.” A Russian attack on US company Viasat, an internet service provider in Europe and Ukraine, destroyed 5,800 modems in wind turbines owned by German utility Enercon. Other indirect victims include organizations hacked by Russian cybercrime gangs, whose money was siphoned off to fund the Russian war machine.
The tactics and techniques employed by the two countries have set new precedents, prompting countries around the world to reassess their cybersecurity posture. The result has been increased awareness of the need for robust measures and international cooperation to counter evolving cyber threats.
Nations and organizations, recognizing the importance of staying ahead of evolving cyber threats, are investing heavily in R&D, accelerating the development and deployment of advanced cybersecurity technologies. The attacks on Kyivstar show that no organization is safe from skilled hackers. As a result, even as the war degraded European and global economies, cybersecurity budgets increased significantly.
Cyberwarfare moves to the cloud, use of AI/ML
Cloud-based cyberwarfare highlights new attack surfaces, with targets combining on-premises networks and cloud-based assets. The attack on Kyivstar destroyed more than 10,000 local computers and 4,000 servers, and also took out cloud storage and backup systems, which are harder to quantify. Ukrainian hackers are also cloud savvy, disrupting the Russian cloud service Bitrix24, which hosts many Russian companies.
Before the conflict, Amazon, Google, Microsoft and Starlink worked to protect Ukraine from Russian cyberattacks, migrating crucial government data to the cloud to keep the country connected.
AI technology vendors like Palantir were quick to inject their products into the conflict. Since day one, Ukraine has leveraged AI to analyze satellite imagery, open source data, drone imagery and ground reports to guide military operations, saving myriad man-hours and thousands of lives.
These tools integrate commercial and classified government data, including the collection of evidence of war crimes, mine clearance and refugee resettlement. The war now offers an “industry standard” for AI and cybersecurity products, with vendors touting them as “Ukraine proven.” Here are four takeaways:
- Combine and coordinate defenses: Complement the “need to know” with the “systemic need to know everything”. Share cyber intelligence with your peers, allies and government.
- Balance infrastructure with endpoint defenses: Just because new threats target the cloud doesn’t mean desktop and mobile clients need any less protection.
- Act locally, think globally: With resources and operations moving to the cloud, the reach of attack surfaces now extends well beyond the enterprise premises.
- Embrace automation: Modern attacks happen at the speed of the Internet. Don’t rely on human actors to formulate a response and take defensive action.
Security professionals should note that the war between Russia and Ukraine has shown that planning and preparation, coupled with technology, manpower, intelligence (and a little help from friends), go a long way to thwarting the most formidable cyber threats. Security professionals will continue to learn from this conflict.
Asaf Shahar, Vice President of Product, Skyhawk Security