31 December 2022

Kaspersky uncovers what cyber confrontation looked like in 2022


Woburn, MA, Dec. 26, 2022 (GLOBE NEWSWIRE) -- As part of Kaspersky’s annual Security Bulletin prediction series, experts analyzed cyberspace activities relating to the Ukrainian crisis, observing their meaning in relation to the current conflict, and their impact on the cybersecurity field. The story of the year, prepared by Kaspersky researchers within the annual Kaspersky Security Bulletin, tracks every stage of the armed conflict in Ukraine, the events that have taken place in cyberspace and how they correlated with on-the-ground operations.

2022 was marked by a 20th century-style military conflict that definitely brought uncertainty and some serious risks of spreading over the continent. While the broader geopolitical analysis of the conflict in Ukraine and its consequences is best left to experts, a number of cyber-events took place during the conflict that turned out to be very significant.

Significant signs and spikes in cyberwarfare in the days and weeks pre-dating the military conflict were evident. February 24, 2022 saw a massive wave of pseudo-ransomware and wiper attacks indiscriminately affecting Ukrainian entities. Some were highly sophisticated, but the volume of wiper and ransomware attacks quickly subsided after the initial wave, with a limited number of notable incidents subsequently reported. Ideologically-motivated groups that presented themselves in the original wave of attacks appear to be inactive now.

On February 24, Europeans relying on the ViaSat-owned satellite faced major internet access disruptions. This “cyber-event” started around 4h UTC, less than two hours after the Russian Federation publicly announced the beginning of a “special military operation” in Ukraine. The ViaSat sabotage once again demonstrates that cyberattacks are a basic building block for modern armed conflicts and may directly support key milestones in military operations.

As the conflict has evolved, there is no evidence that the cyberattacks were part of coordinated military actions on either side. However, there are some main characteristics that defined the 2022 cyber confrontation:

Hacktivists and DDoS attacks. The conflict in Ukraine has created a breeding ground for new cyberwarfare activity from various groups including cybercriminals and hacktivists, rushing to support their favorite side. Some groups, such as the IT Army of Ukraine or Killnet, have been officially supported by governments and their Telegram channels include hundreds of thousands of subscribers. While the attacks performed by hacktivists had relatively low complexity, the experts witnessed a spike in DDoS activity during the summer period, both in the number of attacks and in their duration. In 2022, an average DDoS attack lasted 18.5 hours, almost 40 times longer compared to 2021 (approx. 28 minutes).

Hack and leak. The more sophisticated attacks attempted to hijack media attention with hack-and-leak operations, and have been on the rise since the beginning of the conflict. Such attacks involve breaching an organization and publishing its internal data online, often via a dedicated website. This is significantly more difficult than a simple defacing operation, since not all machines contain internal data worth releasing.

Poisoned open source repositories, weaponizing open source software. As the conflict drags on, popular open source packages can be used as a protest or attack platform by developers and hackers alike. The impact from such attacks can extend wider than the open source software itself, propagating in other packages that automatically rely on the trojanized code.

Fragmentation. Following the start of the Ukraine conflict in February 2022, many western companies are exiting the Russian market and leaving their users in a delicate position when it comes to receiving security updates or support – and the security updates are probably the top issue when vendors end support for products or leave the market.
