A new cybersecurity report from Microsoft has analysed the cyber-attacks conducted during the Ukraine war.
According to the analysis, the Russian invasion of Ukraine, and its associated campaign of cyber-attacks, provides an opportunity to assess the strengths and weaknesses of offensive and defensive cyber operations.
“Where are collective defences successfully thwarting attacks and where are they falling short? What types of technological innovations are taking place? And critically, what steps are needed to effectively defend against cyberattacks in the future?” the company asked.
“The Russian invasion relies in part on a cyber strategy that includes at least three distinct and sometimes coordinated efforts – destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world,” Microsoft said in its analysis.
The company’s report drew five conclusions from its research about how cybersecurity has changed, and needs to adapt, in the face of the Ukraine war.
Microsoft recommended that countries need to be able to disperse their digital operations and data to defend against cyber-attacks. This isn’t just to fend off digital attacks – not only did Russia launch ‘wiper’ attacks against on-premises computer networks in Ukraine, it launched a cruise missile against Ukraine’s governmental data centre early in the invasion.
However, by rapidly dispersing its digital infrastructure into the public cloud, Ukraine’s government sustained its civil and military operations.
The second conclusion was the importance of cyber threat intelligence and end-point protection to help withstand destructive cyber-attacks.
Cyber defences in the Ukrainian war have generally proven stronger than offensive cyber capabilities. This was in part driven by threat intelligence advances, such as AI, to help detect attacks.
This is especially important as attackers refine their campaigns.
“The recent and ongoing destructive attacks themselves have been sophisticated and more widespread than many reports recognise,” Microsoft warned.
Russia had to be careful about how it deployed malware. The NotPetya attack against Ukraine in 2017 used malware that could spread itself to different networks.
However, in 2022, Russia had to ensure its software was limited to specific network domains inside Ukraine itself to avoid it spreading into its own systems.
Thirdly, Microsoft found that Russian intelligence agencies have stepped up attacks against Ukraine’s allies.
Microsoft said that it detected Russian network intrusion efforts on 128 organisations in 42 countries outside Ukraine. While the US was the main target, Poland has also proven a priority as it is used as a logistical base to deliver materiel to Ukraine.
Microsoft’s fourth conclusion is that Russia is stepping up its propaganda campaigns to support its war efforts.
Among its goals are bolstering support among Russians, undermining confidence in Ukrainians, and undermining unity among American and European populations. Furthermore, it has started targeting nonaligned countries to delay or reduce criticism of the invasion.
Finally, Microsoft said that a coordinated and comprehensive strategy is needed to strengthen defences against future coordinated cyber-attacks.
“As the war in Ukraine illustrates, while there are differences among these threats, the Russian Government does not pursue them as separate efforts and we should not put them in separate analytical silos,” it said.
The invasion of Ukraine brought with it a wave of cyber-attacks. The initial cyber-attack conducted by the Russian military took place on the 23rd of February, hours before ground forces crossed the border on the 24th. A cyberweapon dubbed ‘Foxblade’ was deployed against computers in Ukraine.
Research from Atlas VPN from March, in the first weeks of the invasion, found that 89% of cyber-attacks were targeting either Russia or Ukraine.
Of these, 90% were distributed denial of service (DDoS) attacks.
The 5th of March alone saw a total of 5 billion attacks launched against Russia as hacking group Anonymous declared a full cyberwar against the country.
In addition to the campaign waged against Ukraine, Microsoft warned that the cyber-campaign extends beyond the countries’ borders.
“The internet’s global pathways mean that cyber activities erase much of the longstanding protection provided by borders, walls, and oceans,” it noted.
In the run-up to the Ukraine war, firms in Scotland and the UK were urged to tighten cybersecurity based on fears that Russia would launch cyber-attacks at Western targets. Ultimately, there have been few major disruptions caused as a result beyond Europe’s borders – an attempt to disrupt the Eurovision Song Contest was halted by Italian authorities.
However, “it’s important … not be misled into an unwarranted sense of tranquillity from the external perception that the cyberwar in Ukraine has not been as destructive as some feared,” Microsoft noted.