Russia’s invasion of Ukraine seems to have an unintended impact on cyberspace – reducing the number of ransomware attacks.
“We are witnessing a recent downturn after the Ukrainian invasion,” Rob Joyce, director of cybersecurity at the U.S. National Security Agency, told a virtual forum on Wednesday.
Joyce said one of the reasons for the reduction in ransomware attacks since the Feb. 24 invasion is likely to be awareness-raising and defensive action by U.S. businesses.
He also said some were related to measures taken by the United States and its Western allies against Moscow in response to the war in Ukraine.
“We have confidently seen criminals in Russia complain that the functions of sanctions and the distance of their ability to use credit cards and other payment methods to force Western infrastructure to run these [ransomware] the attacks have become much more difficult, ”Joyce said in an interview with The Cipher Brief’s Cyber Initiatives Group.
“We’ve seen it affect them [Russia’s] operations, “he added.” It lowers the trend a bit. ”
Just days after Russian troops entered Ukraine, US cybersecurity agencies resumed their Shields Up campaign, encouraging companies to take additional security measures to protect themselves from potential cyberattacks by Russia itself or criminal hackers working from name of Moscow.
And these officials warn that Russia still has the potential to do more damage in cyberspace.
“Russia continues to explore options for potential cyberattacks,” said Matthew Hartman of the Cybersecurity and Infrastructure Security Agency at a U.S. Chamber of Commerce meeting last week.
“We see glimpses of targeting and developing access,” Hartmann said, noting that Russia is still refraining from any serious cyberattacks against the West. “We don’t know at what point the calculation may change.”
The FBI’s cyber officials have also expressed concern that the Kremlin may authorize cyber attacks on critical US infrastructure, including the energy, financial and telecommunications sectors, which could be a matter of time.
U.S. and NATO officials on Wednesday also warned that it would be a mistake to think that just because there were few signs of “catastrophic consequences,” Russia was not trying to use its cyber capabilities to its advantage.
“It’s been and still is,” said Stephanie Metka, head of cyber threat analysis at NATO. “There’s a lot of cyber activity going on all the time, and we probably won’t learn about its full extent until we turn on computers.”
Joyce from the NSA said: “If you look at Ukraine, they were a strong target. We saw a number of wiper viruses, seven or eight different or unique wiper viruses that have been thrown into the ecosystem of Ukraine and its neighbors abroad.” Wiper viruses are viruses that erase computer memory.
These included a cyber attack against a satellite communications campaign that disrupted Ukrainian military communications and had the effect of spreading across Europe.
But with the help of the United States and other allies, Ukraine has been able to mitigate the effects, Joyce said.
“Ukrainians have been under threat and pressure for a number of years and so they have continued to adapt, improve and develop their trade skills to such an extent that they establish good defenses and, last but not least, they organize a great response to incidents,” he said. .
Some cybersecurity experts say the ability to respond can be one of the biggest results of an invasion.
“Sustainability matters,” Dmitry Alperovich, founder of Silverado Policy Accelerator and former CrowdStrike cybersecurity technology director, said at a virtual forum on Wednesday. “Ukrainians were very good at restoring networks, quickly mitigating the damage.”
Another key lesson, he said, is the limitations of cyber.
“If you have kinetic options, if you can create a crater somewhere, make a substation, put out a communication system, that’s what you prefer to use,” – said Alperovich. “It’s the simplest [to do] to get lasting damage ”.