The war is taking place on the ground and in the air… but also through cyberattacks. Can this asymmetric war, asymmetric because it is faceless, and which has already hit the Ukrainian Ministry of the Interior, spread to neighbouring countries, even to France? Can we imagine a concrete effect on the supply of meat or even oil, as was the case last year in the United States? Analysis in Tech 24.
Has the cyberwar between Russia and Ukraine already started?
Clearly, yes. But these are asymmetric attacks that can prove to be as formidable as they are difficult to counter, as they pit entities of disparate size and power against each other in dematerialized digital universes.
Very often, these are computer intrusions aimed at spying and at creating technical malfunctions to disrupt the country. Several government sites paid the price on the night of January 13 to 14. The sabotage "is a manifestation of the hybrid war that Russia has been waging against Ukraine since 2014", the date the conflict in the Donbass with pro-Russian separatists began. On the other hand, there are informational attacks intended to influence the political debate and affect the morale of the population.
What is the advantage of operating so covertly?
It allows a state to obtain strategic effects without its direct responsibility being called into question, even if that means relying on groups of cyber-mercenaries such as the Void Balaur collective, named after a many-headed monster from Eastern European mythology, or Earth Lusca.
Governments like to use cyber weapons to conduct offensive actions that cannot be officially attributed to them. Moreover, this maintains the idea that these are spontaneous outbursts by patriots.
This cyberwar also plays on emotion and destabilization
Yes, and bank users and employees of the Ukrainian Ministry of Defense have already paid the price: they have suffered denial-of-service attacks, in which, very often, a network is flooded until digital services become unavailable.
Website home pages have also been defaced to display political messages. As many as 70 government websites in Ukraine have had their content replaced with the message "be afraid and expect the worst".
The idea is to weaken the population's sense of resistance and cohesion.
More worryingly, new cyberweapons have been discovered
This is the case, for example, of HermeticWiper, data-wiping software that researchers found on hundreds of computers, both in a bank in Ukraine and, worryingly, in Latvia and Lithuania, on computers belonging to Ukrainian government contractors. ESET Research Labs estimates that it has already been used to erase data – how much, we don’t know.
A second weapon has been found: Cyclops Blink. It affects firewall devices manufactured by WatchGuard and can be found on common routers used in homes and businesses. British and American intelligence agencies attribute it to the Russian hacker group Sandworm, which was responsible for the infamous "NotPetya" attack on Ukraine in 2017.
"NotPetya" was used to infect companies doing business in Ukraine, but ended up spreading across borders and wiping out so much data that it caused $10 billion in damage.
Could cyberattacks directly threaten lives?
Damage to critical infrastructure can be as serious as a missile strike. These are known as SCADA attacks, after the large-scale remote-management systems that process large volumes of telemetry in real time and control technical installations from a distance.
In 2015, malware caused power outages for 700,000 homes in western Ukraine, and in 2016 similar malware knocked out a fifth of Kiev’s total electricity capacity. These outages lasted only a few hours, but with temperatures as cold as Ukraine’s, a longer outage could be deadly.
A few years later, in 2018, Ukraine foiled an intrusion into a chlorine plant, possibly intended to pump excess chlorine into the water supply.
What’s the next step? Is there a risk of this cyberconflict spreading?
Cyberweapons could be used to send symbolic warnings to chancelleries that Moscow considers too vehement, simply to make an impression and to involve their populations.
In a country like France, in the middle of an electoral process, there could be risks of manipulation of opinion with fake news, for example, which could have an impact.
How can France best defend itself against cyberattacks?
France has set up a cyber staff dedicated to digital conflicts, with specially trained personnel. The National Information Systems Security Agency (ANSSI) is notably responsible for administrative protection activities. It can count on companies such as Wallix, a French player inspired by Darktrace, or Gatewatcher, co-creator of Campus Cyber, which use AI to detect intrusions through supervised analysis of weak signals.
A new service, Viginum, placed within the General Secretariat of Defense and National Security, has the task of identifying disinformation operations, mainly on social networks.
The idea is to give political authorities the elements of assessment they need to decide on responses. These can range from reporting content to platforms to legal proceedings or even diplomatic action. What is certain is that the better prepared you are and the finer your analysis, the less significant the damage.