In its latest report, Kaspersky analyzes cyberspace activities related to the Ukraine crisis and observes their links to the current conflict and their impact on cybersecurity.
Kaspersky: 2022 marked by military conflict
According to Kaspersky’s statement, 2022 was marked by a military conflict that brought with it uncertainty and some serious risks. A series of events during this period made cybersecurity even more important.
Prepared by Kaspersky researchers as part of the annual Kaspersky Security Bulletin, which covers the most important issues of the year, the report tracks every stage of the armed events in Ukraine, the events taking place in cyberspace, and how they relate to operations on the ground.
According to the statement, significant signs and spikes in cyber warfare were seen in the days and weeks before the military conflict. February 24, 2022 witnessed a massive wave of fake ransomware and wiper attacks that indiscriminately affected Ukrainian organizations. Some of these attacks were quite sophisticated, but the volume of wiper and ransomware attacks declined rapidly after the first wave, with a limited number of notable incidents reported thereafter. The ideologically motivated groups that claimed responsibility for the original wave of attacks reportedly appear to be inactive now.
On February 24, Europeans relying on ViaSat’s satellite faced massive internet access disruptions. This “cyber incident” began after the Russian Federation publicly announced the start of a “special military operation” in Ukraine. The ViaSat sabotage demonstrates once again that cyberattacks are a fundamental building block of modern armed conflicts and can directly support important milestones in military operations. There is no evidence that cyberattacks were part of coordinated military action on both sides later in the conflict. However, there are some key features that define the cyber conflict in 2022.
These features were listed as follows:
Hacktivists and DDoS attacks: The conflict in Ukraine has created a breeding ground for new cyberwar activities by various groups, including cybercriminals and hackers, who want to support their sides. Some groups like the Ukrainian IT Army or Killnet are officially supported by governments and their Telegram channels have hundreds of thousands of subscribers. While attacks by hackers were relatively less sophisticated, experts witnessed an increase in DDoS activity in terms of both the number and duration of attacks over the summer, with an average DDoS attack lasting 18.5 hours in 2022, almost 40 times longer than in 2021 (about 28 minutes).
Hacking and infiltration: More sophisticated attacks have sought media attention with hacking and infiltration operations, and such attacks have been on the rise since the beginning of the conflict. Such attacks involve breaching an organization and publishing its internal data online, usually through a private website. This is significantly more difficult than a simple falsification, because not all machines contain internal data worth publishing.
Toxic open source repositories weaponize open source software. As the conflict drags on, popular open source packages can be used by developers or hackers as a platform for protest or attack. The impact of such attacks can reach far beyond the open source software itself, spreading automatically to other packages that rely on the trojanized code.
Balkanization: Following the start of the conflict in Ukraine in February 2022, many Western companies are withdrawing from the Russian market, leaving Russian users in a vulnerable position when it comes to getting security updates or support. Security updates are probably the most important issue when vendors end support for products or leave a market.
Kinetic attacks are a more effective way of targeting infrastructure than cyberattacks.
Costin Raiu, Director of Kaspersky’s Global Research and Analysis Team, said:
“From February 24, we have been confused by the question of whether cyberspace is a true reflection of the conflict in Ukraine, representing the pinnacle of a real and modern ‘cyber war’. Examining all the events that follow military operations in cyberspace, we examine the interplay between cyber and kinetic means. We witnessed a lack of coordination and in many ways we reduced cybercrime to a secondary role. The ransomware attacks observed in the first weeks of the conflict are distracting at best. Once again, it has been proven that kinetic attacks using missiles and drones are a more effective method of targeting infrastructure than cyber-attacks. However, collateral damage and cyber risks for organizations in nearby countries have increased due to the conflict, requiring more advanced defense measures than ever before.”
The full report on the 2022 cyber conflict can be read on the “securelist.com” website.