Cyber trends, threats and the road ahead
James Thorpe
Against the backdrop of conflict in Europe, Philip Ingram MBE speaks with industry experts.
The UK’s National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations, warning “that some state-aligned groups have stated an intent to launch ‘destructive and disruptive attacks.’”
It goes on to add: “The threat comes particularly from state-aligned groups sympathetic to Russia’s invasion of Ukraine, the alert said, and has emerged over the past 18 months.”
The threat from Russia, over the war in Ukraine, couldn’t be stated more clearly.
In fact, Jon Bateman, in a Carnegie Group report, was quoted saying: “Ukraine has faced intense levels of Russian offensive cyber-operations since the invasion, but these do not seem to have contributed very much to Moscow’s overall war effort.
“As the war began, Moscow launched what may have been the world’s largest ever salvo of destructive cyber-attacks against dozens of Ukrainian networks.
“Most notably, Russia disrupted the Viasat satellite communications network just before tanks rolled across the border, plausibly hindering Ukraine’s initial defence of Kyiv.”
He went on to add: “[That] no subsequent Russian cyber-attack has had visible effects of comparable military significance and the pace of attacks plummeted after just a few weeks of war.
“Although destructive attacks are most attention-grabbing, Russia’s main cyber-activity in Ukraine has probably been intelligence collection.
“Russian hackers have most likely sought to gather data to inform Moscow’s pre-war planning, kinetic targeting, occupation activities, influence operations and future negotiations with Kyiv.
“However, Russian brutality and incompetence seems to have prevented Moscow from properly leveraging cyber-intelligence.”
The cyber landscape
However, at Cyber UK, the NCSC’s annual cyber-conference, held in Belfast this year, Cabinet Office Minister Oliver Dowden, the Chancellor of the Duchy of Lancaster, described how UK businesses were on the frontline of the country’s cyber-defences and must help defend against groups determined to destroy critical infrastructure.
He described the groups as being “ideologically motivated, rather than financially motivated,” and added that they have begun to target Britain.
To get a better understanding of what is going on and the wider trends linked to the Ukraine-Russia war, I sat down with Ian Thornton-Trump and Chris Spinks, the CISO and Head of Operations respectively, from the Cyber Intelligence Company, Cyjax.
Thornton-Trump set the scene, saying: “Eastern Europe and Russia are enjoying a cyber-crime ‘free for all’ along with a large surge in hacktivist activity in support of Ukraine or in opposition to Ukraine.
“Any thought of cooperation between Russia and EU/UK/US when it comes to cooperation against cyber-criminals has gone out the window with the West and EU/UK supporting Ukraine.
“Current Russian thinking is that any activity which targets ‘The West and wider G-20’ is good for Russia because it’s bad for that group of countries.”
He added: “As we enter a phase of Ukraine Army counter-offensive operations, we will see increased disinformation and destabilisation operations on both sides.
“However, Ukraine seems to be dominating the media news cycle backed with US, UK and German support and near continuous announcements of military support and talks of post-reconstruction loans – as if Russia has nothing to do with the war itself; nothing makes a country feel more inadequate than examining a post-Ukraine financial windfall of development and repair in the war-torn parts.”
The issue around hacktivists is fascinating.
Chris Spinks explains his thinking, commenting: “The hacktivist space is, and always has been, very fickle, with ‘groups’ (read individuals with group team names) jumping on the bandwagon to wreak havoc across the globe in the name of supporting or opposing Russia.”
He added: “The shifts have been fascinating. For example, Killnet (one of these groups) builds for a while, develops a strong following, declares themselves a Private Military Company (PMC) but then diversifies into crypto money laundering and then dissolves the group as it is too big and unruly!
“Another group, TeamHerox, who are believed to be based in Pakistan, starts off all for Russia, until recently, and now is targeting Russia.
“The hacktivist leopards do change their spots! NoName057(16) and AnonymousSudan, two other groups, have specialised in making money through DDoS attacks and ransomware attacks.”
These are some of the groups Dowden was referring to. “The uncoordinated approach of the hacktivist is a fun place to observe,” concluded Spinks.
Looking to how this could change as the conflict continues, and especially as Ukraine takes more and more territory back, Ian Thornton-Trump assesses: “Russian cyber-forces and cyber-criminal gangs will increase frequency and tempo of cyber-operations, espionage and criminal attacks on the west to the point where the rhetoric of attacks being a ‘national security threat’ will turn into defence against Russian attacks becoming ‘national security policy’ – with increasing ‘lean forward’ offensive cyber-operations targeting the ‘money’ and infrastructure of sanctioned individuals and shell corporations which facilitate both crime and Russian cyber-operations.”
Commenting on the overall effect cyber has had, Jon Bateman from Carnegie, continued: “Russia’s experience suggests that damaging cyber-operations can be usefully concentrated in a surprise attack or other major salvo, but they risk fading in relevance during larger, longer wars.”
In the same report, Co-Commentator Nick Beecroft said: “The war has exposed the huge role of the private sector in defending digital networks at national scale.
“Commercial entities have morphed from vendors to vital agents of defence and foreign policies. This tends to raise different priorities among the Western allies.
“In the United States, the concern is whether the ad hoc coalition deployed to defend Ukraine could be replicated elsewhere, particularly against a Chinese threat to Taiwan.
“In Europe, there is some unease at the prospect of relying on a ‘cyber-umbrella’ provided by a handful of US corporations. Both perspectives encounter similar unanswered questions concerning funding and sovereignty.”
What remains most interesting is that the gloom and doom merchants, before the Russian re-invasion of Ukraine, were talking of global cyber-war and a type of cyber-Armageddon.
What is clear, partially because the Russian cyber-threat actors have been attacking Ukraine and the West since before the 2014 invasion, is that many of these actors, and the threat they pose, are well understood and mitigated.
The developing nature of the threat means that constant vigilance remains essential.