May 4, 2022

The Ukraine cyberwar that never was: Cybersecurity experts warn it’s too early to relax

Russia's cyberwar in Ukraine hasn't been as intense as feared, but cybersecurity experts warn it's too early to relax.

By Eric Johansson

Nothing about the cyberwar in Ukraine has unraveled as predicted. People believed Russian aggression would rely equally on shelling and hackers, threatening both physical and digital infrastructures. It would be only a matter of time before Kyiv capitulated, experts feared. However, that version of the war didn’t happen.

Kremlin-backed hackers have so far failed to cripple critical infrastructure. Instead of being devastated by the offensives launched, Ukraine has fought back. The cyber resistance has echoed the nation’s physical one, perplexing the experts who anticipated an all-out war fought in the realm of zeroes and ones.

“I was quite astonished that we weren’t seeing the cyber angle of this invasion at the level that we probably all expected,” Jake Moore, global cybersecurity advisor at cybersecurity firm ESET, tells Verdict.

Cybersecurity experts still warn that it’s too early to let the guard down. They caution that the war in Ukraine could still spill over into other nations, compromising cybersecurity on a global scale.

“I have no doubt in my mind that Putin will be wagging his finger at the cyber attackers that are on his side, suggesting that they continue with their sophistication and persistence,” Moore says. “So it’s something that we can’t put to bed just yet.”

Corporate chieftains have reasons to heed these warnings, despite the absence of the cyberwar so far.

Unfulfilled predictions of a cyberwar

The biggest surprise of the cyberwar was that there wasn’t one. “Everyone expected that this was going to be the first war in which cyber warfare played a sort of big part,” David Bicknell, principal analyst at GlobalData and the author of a new Thematic Research: Technology Cybersecurity report, tells Verdict.

They had reason to believe that. For almost three decades, people have predicted that the next big war would be fought in cyberspace and not in the real world. A Rand Corporation paper inked by John Arquilla and David Ronfeldt warned that “cyberwar is coming” as far back as 1993.

It’s become a popular refrain in the years since. Everyone from Hillary Clinton’s security advisors to UK prime minister Boris Johnson has sung it. When Russian troops started to amass on the Ukraine border earlier this year, cybersecurity experts expected that it was only a matter of time before the digital war kicked off.

People had reason to fear a Russia-led cyberwar. Vladimir Putin’s regime has form in this area. Russian and Chinese nation-state backed groups were responsible for 46% of all observed advanced persistent threats in the second half of 2021, according to research from cybersecurity company Trellix. US and UK security agencies have accused the GRU, Russia’s military intelligence division, of conducting “hundreds” of cyberattacks against both government and private sector targets since 2019.

Russian miscreants have been linked to several high-profile hacks. That includes the recent digital assaults of software company SolarWinds, fuel pipeline Colonial Pipeline and meat processor JBS. Moreover, the Kremlin has been behind cyberattacks against Ukraine since the annexation of the Crimean peninsula in 2014.

So it made sense that Putin’s thugs would try to dominate the neighbouring nation with digital assaults. The zeitgeist seemed to scream that old-time troops were passé. Those predictions failed to be fulfilled. Instead, the Ukraine war has been fought in the traditional way with missiles, tanks and guns – atrocity after atrocity.

“The reality of what’s been happening between Russia and Ukraine is that it hasn’t really been about cyber warfare at all – it’s been about warfare in its most real horrific state,” Bicknell says.

Why didn’t the cyberwar happen?

Ukraine has, contrary to everyone’s expectations, put up a fight. Not only has its army fought the invaders for every inch of the country, but the nation’s IT army – recruited from Ukraine’s domestic reserves of hacktivists and cybersecurity experts – has also launched a digital counter-offensive against Russian government departments, delivery companies and TV stations.

There have been some digital skirmishes. Russian cybersecurity firm Kaspersky has linked the war in Ukraine to an all-time high of distributed denial-of-service (DDoS) attacks in the first quarter of 2022. Kaspersky has also, it should be noted, been facing some setbacks of its own. The US Federal Communications Commission has put the firm on its naughty list of companies that present threats to national security. Similarly, German regulators have advised businesses to uninstall Kaspersky software.

Research from cybersecurity firm Netscout shows that in the first month of the war, DDoS attacks against Russia jumped by 236% whereas attacks against Ukraine increased by 134%. Interestingly, DDoS attacks decreased by 32% across the entire Europe, Middle East, and Africa region during the same period, the researchers found.

At the same time, several western companies, such as Microsoft and SpaceX, have rushed to offer support to the Ukrainian government by protecting critical infrastructures. The pushback could be one of the reasons why the Russian cyber effort so far hasn’t been much worse than what preceded the February invasion.

“Putin and his regime did not expect the power of companies and other countries who weren’t directly involved and people around the world – including gangs such as Anonymous and other cyber groups – and their capability to act together to push the onus back into Russia,” Moore says.

A second reason why the cyberwar didn’t unfold as everyone expected is simply that you can’t hold ground in cyberspace. That was one of the reasons presented by Ciaran Martin in a recent article. He is a professor at the Blavatnik School of Government, University of Oxford, and the former head of the UK National Cyber Security Centre (NCSC).

“The reality is that cyber capabilities, as currently understood, can do everything from low-level harassment to serious disruption of everyday economic and social activity,” Martin wrote. “But they can’t do what missiles, fighter jets and soldiers do.”

He also suggested that if there was a hack in the West, then it would be “blindingly obvious who had carried it out.”

The West hasn’t really felt the brunt of the small-scale cyberwar so far. Despite warnings from the likes of the US Cybersecurity & Infrastructure Security Agency and the UK’s NCSC cautioning organisations to put “shields up”, little from the armed conflict spilled over into cyberspace.

If Russian ruffians rustled up the guts to launch a big digital assault, countries like the US and the UK would be forced to retaliate. That retaliation could have unforeseen ramifications. The fear of the unexpected fallout is also part of the reason why cybersecurity experts warn that the war could still affect the companies outside of Ukraine.

Ukraine crisis still cause for cybersecurity fears

Another reason behind the Kremlin’s reluctance to go all in with the cyberwar is that it is difficult to control attacks. Just like physical viruses, digital ones recognise no borders and could end up spreading across the internet, with catastrophic cybersecurity consequences as a result.

The NotPetya attack in 2017 is an example of that. Sandworm, a hacking group linked to the GRU, has been blamed for the ransomware attack. The group first targeted Ukrainian organisations. The virus shut down the Chernobyl nuclear power plant’s radiation monitoring system as well as affecting several Ukrainian banks and ministries.

However, the virus wasn’t contained within Ukraine. It ended up infecting organisations in 65 countries, including in Russia. Danish shipping giant Maersk, international law firm DLA Piper and Russian oil business Rosneft were some of the companies affected.

The attack also caused protracted legal battles between the victims of the hack and their insurance companies.

“You had people like [biopharmaceutical company] Merck having to claim on their cyber insurance, because they were clearly impacted and their insurance company turned around and said that they couldn’t claim [because they didn’t cover acts of war] and then they ended up having to go to court,” Bicknell recalls, noting that Merck won its $1.4bn lawsuit earlier this year.

While none of the recorded incidents has spread so far, the risk of it is far from zero, which is another reason why businesses must remain cautious about cybersecurity threats coming out of the Ukraine conflict.

Could the war be about to heat up?

Hints of a cyberwar have been somewhat absent from the Ukraine conflict so far. However, researchers fear that this might be about to change. Tech giant Accenture has warned that attempts revealed in early April to cripple the Ukrainian energy grid could be a preamble to worse things to come.

Sanctions against Russia could exacerbate the conflict. In the two months since the war began, democracies around the world have introduced unprecedented sanctions against the Putin regime. And they are getting tighter. In early May, the EU announced a new package aimed at punishing the Russian oil industry for the nation’s war. However, Martin warned in his article that Putin’s failures and escalating Western sanctions could provoke the Kremlin to step up aggression in cyberspace. Others have raised similar warnings.

“The Russian government has made strong statements regarding actions it would take against business entities attempting to exit the country including nationalisation of assets,” Martin Tyley, head of UK cyber at professional service firm KPMG, tells Verdict. “Organisations should continue to be prepared for a potential increase in cyberattacks in retaliation to such exits.

“In addition, as they are often considered to be priority targets in times of conflict, those businesses considered part of the critical infrastructure, including energy, telecommunications, media and financial services firms should also be on heightened alert.”

Of course, cybersecurity experts are personally affected by the crisis too: heightened uncertainty from the war and the pandemic has created a cybersecurity boom. The more reason businesses have to strengthen their firewalls, the more in demand the sector’s services are. As a result of the last two years’ chaos, cybersecurity firms have made off like bandits. Not only have more clients bought their services, but venture capital investors have backed new startups. Still, that doesn’t mean that their warnings are insincere or should be taken lightly.

Whether or not the Ukraine conflict will become a cyberwar, corporates clearly shouldn’t let down their guards just yet.

GlobalData is the parent company of Verdict and its sister publications.