Cyber Experts Predict More Harmful Cyberattacks in Ukraine
Report Was Commissioned by the UK National Cyber Security Center
Ukraine should brace for more Russian wiper and ransomware attacks, concluded a panel of cyber threat intel experts and government officials in a report assessing the cyber dimensions of Moscow's ongoing war of conquest against its European neighbor.
The report, commissioned by the U.K. National Cyber Security Center, finds the tempo of destructive cyberattacks has ebbed and flowed across the first year of the Russian invasion.
Participants in a daylong workshop convened by the European Cyber Conflict Research Initiative and granted anonymity for candor "anticipated the increased use of throwaway or single-use wipers," the report states. They also predicted an uptick in commercial ransomware attacks.
"The ability to bootstrap criminal capabilities to provide new attack opportunities will prove increasingly important, as operator burnout threatens to become a real challenge for Russia," the report says.
Espionage and destructive attacks have each assumed primacy in observable Russian operations in apparent rough correlation with Moscow's warfighting priorities such as disrupting operations of the Kyiv government or responding to Ukraine's counteroffensive.
Changes in Russia's military leadership have also led to changes in cyber strategy. Gen. Valery Gerasimov, appointed in January as the overall commander of the Ukrainian invasion, "has been a strong proponent of using information operations to influence both people and institutions," the report says.
Russian doctrine doesn't draw clear distinctions between information operations and cyberattacks, the report says. They have the same objective of destabilizing Western institutions and creating psychological effects.
Despite periods of relative quiet, Russia overall has found a wiper method that works for it, the report concludes: "pure wipers" that lack worming capabilities, are easy to change and manipulate quickly and are quick to build and launch. Directly targeted wipers avoid the possibility of spillover, a mistake the report says Russia initially made with the AcidRain attack it deployed against Viasat in the first hours of the invasion.
Attendees agreed Russia is unlikely to see multifunctional wipers such as NotPetya emerge in the coming months, although they disagreed about whether that's because Russia lacks the resources to develop more sophisticated malware or because Russia is conserving its cutting-edge attack capabilities for the future.
The report cautions against assuming too much coordination between Russian-speaking criminal groups and the Kremlin even as some participants said that the Russian government "can very quickly create linkages with criminal actors if and when it so chooses."
The line between state and nonstate actors is blurring, as is the boundary between cybercriminals and hacktivists. Ransomware is "increasingly politicized," the report says.