Three lessons in Cyber risk, from the world's first hybrid war
15 August 2022
Russia’s invasion of Ukraine began long before their soldiers set foot in the country.
In January, 70 government websites in Ukraine were replaced with the chilling message “Be afraid and prepare for the worst.” They had been hacked by Russia as part of an escalating cyberwar that started nearly a decade ago. In that same week government agencies, NGOs and IT companies were hit with a destructive malware attack. A separate DDoS attack knocked banking and government websites offline, and spam texts were sent to civilians to spread confusion and panic in the country.
These attacks were denounced by Nato and governments around the world, but they were only the start. In the first moments of the physical invasion, as soldiers breached the borders of Ukraine, Russian hackers attacked satellites to limit communication across Ukraine and Europe. They hit border crossing points with data-wiping software, so that fleeing civilians were forced to queue for days as their passports were processed by hand. And as the war progressed, Ukrainian broadcasters and power stations faced both physical and cyber assaults – simultaneous attacks in the world’s first hybrid war.
Since the start of the physical invasion, Russia’s war on Ukraine has been front-page news around the world. But its online battles have been happening for years – we just rarely hear about them. The thing about cyber weapons is that they are quiet.
Here are three lessons we’ve learned so far from Russia’s cyberwar on Ukraine.
Armchair activists are becoming state weapons
- Two days after Russia’s physical invasion began, Ukraine’s Deputy Prime Minister and Minister of Digital Transformation Mykhailo Fedorov announced the IT Army of Ukraine. He asked “digital talents” to hack Russian targets, to disrupt daily life in Russia and collect intelligence that could help the war effort. Over a quarter of a million people subscribed – ‘hacktivists’ from around the world who are breaking their own country’s laws to support Ukraine. Within days they had taken down the Russian Foreign Ministry, the Moscow Exchange, and state-owned bank Sberbank. Ukraine’s hacktivist army shows the power of the collective in a world of cyberwarfare. Thousands of cyber soldiers can take up arms from the comfort of their sofa, wherever they are in the world – rallied by whatever cause captures their hearts and minds. And when they work together, they can take down even the most secure targets. This has long been the power of Anonymous, the infamous hacking collective that successfully attacks groups ranging from the FBI to PayPal to ISIS. But this the first time we’ve seen a country’s government use the same tactics in warfare.
Anyone can become collateral damage
- Ukraine has embraced its IT Army, but their attacks on Russia could have consequences for all of us. The risk of vigilante hackers poking the Russian bear is very real, and foreign governments have been begging their citizens not to drag them into a digital war with one of the world’s most dangerous cyber superpowers. There is also the threat of spill-over to unintended casualties; once you unleash a cyber attack, it can be hard to control its rampage. This is exactly what caused the most destructive cyber attack in history – the 2017 malware attack NotPetya. NotPetya was launched by Russian military hackers and spread rapidly, bringing multinational companies to their knees and causing an estimated $10 billion in damages. The virus infected hospitals, shut down factories, and halted supply lines in 65 countries – but its original target was Ukraine. So far in this hybrid war Russia has been more restrained than many expected, as none of their cyber attacks on Ukraine have caused global damage on the scale of NotPetya. But the risk isn’t passed yet.
Move fast or become uninsurable
- Today the world is more connected than ever, and the pandemic forced many to digitise their systems in a matter of weeks. This reactionary digitisation was a golden opportunity for cybercriminals: since 2019, global ransomware incidents have increased by 230%, and pay-outs rose by 370%. With such a huge spike in companies targeted, and such huge growth in the amount they are forced to pay, insurers are becoming much more selective in who they insure. Only clients with the strongest cybersecurity are able to purchase Cyber insurance, which means the majority are becoming uninsurable. And with 90% of insurers reporting increased demand for Cyber insurance, the competition for cover is hotting up. Companies must secure extensive cybersecurity measures to ensure they can find – or keep – the cover they need.
The war isn't over - so what's coming next?
Our Head of Global Cyber, Shay Simkin, says “We haven’t seen the
NotPetya Part Two that we were expecting, but I’m still holding my
breath. Launching a significant cyber attack can take 12 – 18 months to
prepare, and there’s evidence that Russian hackers have already
infiltrated major global computer systems. As sanctions increase and the
world continues to support Ukraine, the pressure on Russia is growing –
as is the cyber-threat it poses.
In any cyber attack, the difference between the victims and the survivors
is the strength of their armour. As the threat of ransomware increases
and the cost of attacks escalate, the risk of having gaps in your defences
grows exponentially. Strong cybersecurity, safe practices, and
comprehensive insurance cover will be vital in the months to come, so
make sure you are prepared to face whatever is on the horizon.”