Ukraine Conflict – The First Hybrid Cyber Kinetic War

The Russian invasion of Ukraine will likely go down in history as the first genuinely hybrid cyber-kinetic conflict. Cyber-attacks carried out by Russia as part of its military operations, along with the risks faced by organisations and companies allied to the resulting sanctions, have shone a light on global cybersecurity risks. 

On January 14, more than a month before Russian tanks rolled over the Ukrainian border, its cyber-territory was violated in attacks on around 70 government websites, disabling more than a dozen of them. Another cyber-attack on February 15 took down the websites of the Ukrainian military, other government agencies and its two largest banks.

Russia Links

The February operations were relatively simple distributed denial-of-service (DDoS) attacks, which attempt to overwhelm a system with a flood of incoming traffic from multiple sources. Russia denied any involvement but its state-controlled entities have been linked to cyber-crime multiple times in the past, including the SolarWinds hacking of US government agencies in December 2020, and infiltrating White House and State Department email systems in 2014. 

One of the major economic moves against Russia since the Ukraine invasion has been throwing seven of its largest banks off the global SWIFT payment messaging system, through which trillions of dollars pass each day.

A financial regulator that oversees some of the banks which use the system told the Financial Times: “There are lots of concerns about SWIFT. Banks seem to be comfortable with their own cyber security levels, but a hit to SWIFT would be very detrimental to the whole banking system.”

In light of the damage being wrought by the economic sanctions being imposed on the Putin regime and its supporters it would be surprising if Russia didn’t attempt to hit back somewhere.  

According to Russian-born American cybersecurity analyst Dmitri Alperovitch, this is more likely to come after the situation in Ukraine eases.

Speaking at a recent event organised by his Alperovitch Institute think tank, he said, “They’re obviously quite busy right now, prosecuting the war in Ukraine…but as soon as they start accomplishing their military objectives on the ground in Ukraine they may revert back to looking at the West.”

“I expect they might target energy infrastructure in Europe, they might target it in the US as well,” he added. “They might go after financial infrastructure as direct retaliation for sanctions.”

And with the number of companies pulling out of Russia continuing to grow, and sanctions biting harder, the list of possible hacking targets is expanding.

Defence mechanisms

In terms of shoring up defences against attacks, the first thing is to ensure that all basic measures are being taken. This means virus protection software being kept up to date, passwords regularly updated, multi-factor identification protocols and having offline backups.

More advanced precautions, which should be standard at larger organisations, include access to sensitive information or systems being restricted to essential personnel, encryption of data, comprehensive monitoring systems, cybersecurity training for all relevant staff, recruiting of cybersecurity specialists and implementation of clear cybersecurity policies.

One brand of anti-virus software that currently might be better avoided is Russia-headquartered Kaspersky, which has long been suspected of close ties to the Kremlin. In mid-March, Germany’s Federal Office for Information Security warned against running Kaspersky’s products due to fears of computers being used for purposes beneficial to Russia. That was followed a few days later by Italian authorities announcing they were investigating the “potential risks” of Kaspersky software being used for cyberattacks.  Later on the U.S. FCC added Kaspersky to its national security threat list.

At the national level, the US is acknowledged to have the most advanced capabilities and so is unlikely to suffer a devastating cyberattack, though that does not make it completely immune. The EU is bolstering its existing capabilities and is in the process of passing a Cyber Resilience Act to add to legislation it already has in place.

How prepared is Japan?

Though the situation in Japan may not be as bad as was suggested by then government cybersecurity strategy chief Yoshitaka Sakurada admitting in late 2018 that he had never in his career used a computer, it’s certainly not a leader in the cyber defence stakes.

In fact, Japan placed 40th globally in the National Cyber Security Index ranking produced by the e-Governance Academy non-profit. Similarly, in a report released last year by Britain’s International Institute for Strategic Studies titled ‘Cyber Capabilities and National Power: A Net Assessment,’ Japan was ranked in the third (lowest) tier alongside countries including Vietnam, Malaysia and North Korea. The report concluded ‘Japan’s defences in cyberspace are not especially strong, with many corporations unwilling to meet the costs of bolstering them.’ The report also identified a lack of a unified national strategy and doctrine.

A number of Japanese companies have been victims of hacks since the start of the Ukraine conflict, though at this point there is no proven link to Russian entities. Two major Toyota suppliers, Denso (at its German operations) and parts maker Kojima Press Industry in Aichi, were hit by ransomware attacks last month, the latter shutting down all of the auto giant’s Japanese factories on March 1st.

The American operations of tyre maker Bridgestone was also hit by a ransomware attack in February, with hackers threatening to publicly release stolen information unless payment was made.

Japan’s National Police Agency is to create a cyber division this year, while the Ministry of Defense is hiring more cybersecurity staff to meet the threat of increasingly sophisticated attacks from Russia, China and other sources.

But companies will remain on the cybersecurity frontline and as the digital shift continues to progress, the demand for specialists to keep the online landscape as safe as possible will only increase.

By Gavin Blair

We are currently looking for the following candidates in cyber security;

-Head of Cyber Security Sales
-Cyber Security Sales and management
-Cyber Security in-house Managers
-Cyber Security Planning & Implementation
-Cyber Security Consulting
-Cyber security Pre Sales

To find out more about these roles please  Contact us or see our latest positions here