It’s hard to predict how Russia’s attempted invasion of Ukraine will end. On the Internet, it’s something else entirely. A year after the beginning of the conflict, the trend that emerges is that there does not seem to be any new trend.
After a year of the Russian war of aggression in Ukraine, the cyberwar that so many specialists feared in the spring of 2022 is stalling. In fact, unless the equivalent of a nuclear bomb is still hidden in the Kremlin’s cyber-military arsenal, everything indicates that Russia has already lost the Internet war.
“If we had seen major surprise attacks on the Internet, we would probably have seen them already,” summarizes Pierre-Marc Bureau, programmer and leader of Google’s Threat Analysis Group (TAG) cybersecurity team in Montreal.
More of the same
A report published at the end of last week by Google taking stock of the cyber war between Russia and the coalition now surrounding Ukraine seems to confirm the words of Pierre-Marc Bureau. A first spike in cyber attacks took place last April, in the early days of the ground invasion. A second peak was reached in the fall.
Overall, the volume of attacks against Ukraine has increased by 250% over the past year, compared to previous years. The number of attacks against NATO member countries has increased by 300%. These quickly positioned themselves in favor of Ukraine’s defense, sparking the Kremlin’s anger and, apparently, retaliation concentrated on the Internet.
“It was clearly part of Russian military strategy,” continues Pierre-Marc Bureau. “Most of these attacks came from sources known to be affiliated with the Russian government. Some of these attacks have been particularly effective — in the case of some Ukrainian power plants or satellite networks. But overall, we did not see the damaging impact that we anticipated. »
Above all: in one year, the tools used by Russia and by the more active pirate groups since the beginning of the conflict to wage war in cyberspace have not changed. They remain the same.
“In fact, that may be the trend: we will continue to see a few more cyberattacks, of the same type as those we saw before. There may not be a movement towards new cyber threats,” concludes Pierre-Marc Bureau.
“But at the same time, we can’t really predict what the future will be like…”
Less ransomware than expected
The cyber threat analysis division, also known as Google TAG, is located in four cities around the world. The team of researchers located in Montreal normally focuses more on the analysis of cybercrime, that is, illicit activities on the Internet that aim to produce financial gain.
Let us think in particular of ransomware attacks, which lock and render inoperative the computer system of their victim and which demand a ransom to then unlock it. A few ransomware attacks in 2021 have been wildly successful. In May 2021, the American oil pipeline network Colonial Pipeline was the victim of such an attack, which jeopardized the oil supply of certain cities in the eastern United States. The price at the pump in these areas has jumped. Motorists quickly lined up to stock up, fearing the worst.
When the Russian military crossed the Ukrainian border a year later, a widespread fear in international cybersecurity circles was that such attacks would repeatedly target the critical infrastructure of Western countries opposing to Russia.
If we had seen big surprise attacks on the Internet, we probably would have seen them already.
What the last year’s statistics published by Google TAG reveal is that this threat ultimately did not materialize. “We have not seen any noticeable increase in ransomware attacks in 2022 targeting strategic infrastructure in the United States or within NATO countries, contrary to what was expected at the start of the conflict and especially after claims were made that more would be seen,” write the authors of the Google report titled Fog of war: how the Ukraine conflict transformed the cyber threat landscape.
The emergence of fake videos
Beyond their volume, it is in the technique used to create targeted cyberattacks that the real cybermilitary lesson lies. From this side, we will never go back: the propaganda services now have access to tools as sophisticated as fake voices and videos that allow them to embody any personality on Earth, political or otherwise, past or present.
In the early days of the ground invasion by the Russian military, Ukrainian media sites were hacked to share Russian propaganda. One of the elements of this propaganda was a video of President Volodymyr Zelensky announcing that Ukraine was immediately laying down its arms.
This video was obviously fake. It was posted hours before the “real” President Zelensky appeared before the US Congress to ask for US help.
These kinds of strategies could inspire other cyberattacks in the future, Google TAG thinks. This is what its researchers call “hacktivism”, a form of online activism that does not hesitate to dip into the tools of cybercrime to convey a message, whether true or false.
Nothing new, yet. Nothing that was not avoided or spotted by the cybersecurity already in place. Waiting for the next surprise…