As The Washington Post reports, experts say the cyber strikes have exposed Russian methods, illustrated the importance of rapid international cooperation and undermined any notion of Moscow’s cyber invulnerability. Fearing a repeat of the damage caused by previous Russian campaigns such as the NotPetya malware, U.S. intelligence agencies and American tech giants alike spent years collaborating and sharing information with Ukraine before the war. It mostly appears to have worked.
George Dubynskyi, deputy minister for security in Ukraine’s Ministry of Digital Transformation, told the Post that Ukrainian officials were able to shift critical data to the cloud shortly before the invasion. Although some phishing attacks landed, using physical tokens for multi-factor authentication helped stave off the worst.
Following Ukraine’s example, the U.S. Cybersecurity and Infrastructure Security Agency is concentrating on “target rich, cyber poor” industries such as ransomware-beset hospitals, schools and local governments, CISA’s executive director, Brandon Wales, told the Post.
But threat intelligence firms are sounding the alarm that Russia is planning to test Ukraine’s digital defenses further, as Politico reports. Google’s Threat Analysis Group recently warned of its “high confidence” that Russia “will increase disruptive and destructive attacks” this year if Ukraine “fundamentally” gains the upper hand. Recorded Future, too, cautioned that Moscow’s next major military salvo against Ukraine will “almost certainly” be aided by Russian hackers.
What’s more, as Cybersecurity Dive reports, Ukrainian authorities have only recently discovered a number of breaches stemming from the end of 2021. Ukraine’s cybersecurity agency said that no essential systems were disrupted by the breaches.
This much seems certain, as The Street reports: Cyberattacks are now an established tool that will be used in advance of physical wars. Mike Heredia, a vice president at Tel Aviv-based hybrid cloud security provider XM Cyber, tells the news site that organizations need to go beyond periodic penetration tests, creating strategies “to eradicate this risk on a day to day and week to week basis.”