Russian-Ukrainian Cyber War [Updated]

I find it surprising that the war in Ukraine is being fought so physically and conventionally. My expectation would have been – at least initially – a high-tech and cyber war. I don’t even want to speculate on why this is or whether this is better or worse for the Ukrainian people.

Chester Wisniewski’s article, however, summarizes how the cyber component of the war has been raging for 15 years and is not limited to Ukraine.

Notable from my perspective are the 2015 attacks to shut down the power grid in Ivano-Frankivsk. The 2017 NotPetya wave caused damage well beyond Ukraine and also hit international corporations such as the Danish shipping company Maersk, which drew media attention.

The string of denial-of-service (DoS) attacks and wipers (software that deletes data so that it cannot be recovered) has continued in the first weeks of this year. Due to Ukraine’s call “to cyber arms” and the involvement of the hacker collective Anonymous in the attacks on Russian websites, a further escalation of attacks in cyberspace is very likely in my view. As the BSI has been warning since last week, things could also get a little hotter in cyberspace outside Ukraine.

In my view, many scenarios are conceivable, and quite a few also affect IT and critical infrastructure.
Should the will to victory become so powerful that it is to be won at any cost, more targeted attacks on the (IT) infrastructure would be conceivable. Especially since the available footage from Ukraine would be harder to create and spread without power and internet supply. Currently, these seem to strengthen the morale of the Ukrainian troops and the population and, conversely, to weaken the Russian one.
In my view, humiliating the Russians by attacking their digital infrastructure, for example, through Anonymous, is also dangerous. On the one hand, because less targeted counterattacks are to be feared. These would then probably not be limited to Ukraine. Even if a piece of malware only strikes, for example, if the keyboard layout and operating system are set to Ukrainian, this could affect all companies and institutions with Ukrainian expatriates around the world. But companies with Ukrainian suppliers or customers could also be targeted. In this context, according to the playbook of the last few years, it would only be logical that “nobody” is responsible for such collateral attacks by various cyber gangs like Conti (officially, after all, without state influence) from the Russian point of view. This would probably also be argued if they were unofficially supported by state APTs.
On the other hand, a similarly harebrained pretext for further escalation into other regions such as the Baltics could be created by targeted false attribution. Even if NATO members do not interfere in this war through state resources, attacks by Anonymous from these countries could be viewed that way. So far, the aggressor’s reasoning is neither coherent nor consistent. To me, the whole war seems to have been launched a bit too clumsily and naively, so that a targeted escalation could well still be planned.
Regardless of these considerations, I hope that the war in Ukraine will end quickly, especially physically, but also in cyberspace, and claims few victims.

[Update 2022-03-08]: I have added a video (German language):
