The Russia-Ukraine conflict is a watershed moment in the history of cyberattacks, and risk analysts are preparing for a grim scenario.
The international hacker group Anonymous, responsible for several cyber incidents including distributed denial of service (DDoS) attacks – where a site is rendered unreachable by being bombarded with traffic – has brought down several Russian government websites and that of Russia Today, the state-backed news service. The DDoS attacks still appeared to be working on Sunday (February 27, 2022) afternoon, with the official sites for the Kremlin and Ministry of Defence still inaccessible. Meanwhile, the UK news television channel BBC tracked down a group of patriotic Russians taking down Ukrainian government websites. As the war in Ukraine intensifies, both sides and independent players are waging a cyberwar against each other’s IT infrastructure.
Threat to Internet cable links
It is not just cyberwar that the world fears, but also the risk of disruption of global communication links running through the warzones. When Russia invaded and annexed Crimea in 2014, one of its first suspected actions was to damage some communications cables belonging to the Ukrtelecom monopoly that linked the peninsula to Ukraine. This partially disrupted internet connectivity, provided the Kremlin another point of leverage over the region, and limited the world’s visibility into the early phases of the “grey zone” conflict (a term used to denote a conflict that falls below the threshold of war).
Risk analysts are preparing for a scenario in which the Russian military could target any of the dozens of submarine cables linking other parts of Europe to the global internet – and which, by extension, may carry traffic originating in (and destined for) Ukraine. For instance, there are sixteen submarine cables touching Ireland, and cutting some of those cables – a couple of which are in the vicinity of the conflict zone – would damage the flow of global internet traffic, damage that could take several hours or even days to repair. It could also considerably distract those countries from other world events.
Evolution in cybersecurity
According to 451 Research, a global research and advisory firm:
“…if the conflict in Ukraine signals a global realignment of powers, its impact will be no less felt in cybersecurity. Although the adversaries already have a long history with cyberattacks, the evolution of cyber threat activity could shape the nature of conflict in the future – an evolution already evident in campaigns over the past several years, affecting targets beyond the immediate theatre of this fight, as well as in the runup to the recent escalation in the kinetic conflict.”
Similar cyber attacks appeared in Ukraine in 2014 when the Donbas region of Ukraine revolted. In 2015, the BlackEnergy attacks against the Ukraine power grid demonstrated the ability of cyberattacks to cripple the power supply in the region. What does all this mean for providers of cyber defence technologies and services, and where do we expect to see further or increased momentum in this market?
M&A in cybersecurity vertical to intensify
Last year saw more than US$5 billion in M&A (Mergers & Acquisitions) activity among companies dealing in various aspects of adversary awareness. From threat intelligence to technologies and services that give defenders the attacker’s view of targets and opportunities, we expect the conflict in Ukraine and its potential fallout beyond the region to stimulate even more activity in this trend. This momentum is expected to be equally manifest in terms of threat detection. A recent survey showed threat detection and response to be the top category of security technology that organizations were planning to deploy in the months ahead.
Communication backbones at risk
One of the possible avenues for Russian cyber threat actors against Ukrainian targets may be found in the fact that many Ukrainian IT and operational technologies were implemented in or by Russian firms. This may give Russian operatives deep and detailed knowledge of these environments to exploit, which could have direct implications beyond the borders of conflict, given that the backbone of communication lines between Europe and Asia may run through the region.
IT supply chains under threat
The intent to achieve a similar level of leverage is further evident in incidents beyond the area, in attacks that sought to amplify impact through IT supply chain exploits that revealed a high degree of familiarity with the primary target. Together, these factors put a high bar on the mitigation of threats arising from the IT supply chain. The challenge for opportunists in this realm will be balancing depth with breadth. The recognition of exploits in defensive tools may require the same depth of familiarity with an individual target that the attacker shows, while the scope of dependencies in online services continues to expand, making the challenge of breadth equally daunting. Demand for functionality that can tame these twin challenges can be expected to increase, but their effectiveness may be hampered by just how far they can go to mitigate risk in the ever-widening interconnectivity of IT and digital resources.